Users of the Facebook social-networking site are too gullible in giving up personal information, which could make them the targets of identity theft, according to Sophos research.
Sophos fabricated a Facebook profile and asked 200 Facebook users at random to give up personal information. Sophos says its probe involved setting up a profile page for “Freddi Stauer,” an anagram for “ID Fraudster,” displaying a small green plastic frog that divulged personal information about the fictitious Freddi. Using Freddi as the front, Sophos sent out 200 friend requests to find out how many people would respond and what kind of personal information could be collected from the Facebook users.
“It’s extremely alarming how easy it was to get users to accept Freddi,” said Ron O’Brien, senior security analyst at Sophos, which makes security products for antimalware and network-access control for business.
Out of the 200 friend requests, Sophos received 82 responses, with 72% of those respondents divulging one or more e-mail address; 84% listing their full date of birth 87% providing details about education or work; 78% listing their current address or location; 23% giving their phone number; and 26% providing their instant messaging screen name.
Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.
Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One Facebook user divulged his mother’s maiden name -- the old standard used by many financial and other Web sites to get access to account information.
Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.
According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.
“They can put a significant strain on the network and can also expose confidential corporate data to malicious outsiders,” O’Brien says.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (2)
beri gud hinformeichon!By Anonymous on April 2, 2009, 5:48 pmberi gud hinformeichon!
Reply | Read entire comment
ai wancho brei friBy Anonymous on April 2, 2009, 5:51 pmjajaja ai wanchu brei fri a yan aburrido en clases
Reply | Read entire comment
View all comments