Better know who your Facebook friends are.
According to a new report
from Sophos, an IT security and control firm, 41 percent of Facebook
users willingly divulge personal information, such as e-mail addresses,
dates of birth and phone numbers to complete strangers.
To perform the study, Sophos created a Facebook profile under the
name “Freddi Staur,” an anagram for “ID Fraudster.” For a profile
picture, Sophos chose an image of a shiny, happy-looking frog statue.
Sophos then sent out 200 friend requests to observe how many people
would respond, and how much personal information could be gleaned
from the respondents.
Out of that small sample size, 72 percent of
respondents divulged one or more e-mail addresses, 84 percent listed
their full date of birth, 78 percent listed their current address or
location, 26 percent provided their instant messaging screen name and
23 percent listed their current phone numbers.
In total, 87 of the 200 Facebook users contacted responded to Freddi,
with 82 divulging personal information.
With access to that sort of personal information, “Freddi Staur,” or
a real “ID Fraudster,” has “enough information to create phishing
e-mails or malware specifically targeted at individual users or
businesses, to guess users’ passwords, impersonate them or even stalk
them,” Sophos senior technology consultant Graham Cluley said in a
spokeswoman Brandee Barker told Internetnews.com that the Sophos report describes Facebook’s privacy features as “far beyond those of many
competing social networks.”
“Facebook has long deployed technology that limits the availability of personal information and welcomes every opportunity to educate users about how to protect their data online.”
The privacy concerns raised by Sophos are only the latest for Facebook.
In an Aug. 6 post on one of its official blogs, Facebook was forced
to warn developers that, as the post’s title read, “Misleading
Notifications To Users Will Be Blocked.”
“Over the last few weeks we have noticed several developers
misleading our users into clicking on links, adding applications and
taking actions,” the post reads.
“While the majority of developers are doing the right thing and
playing by the rules, a few aren’t – and are creating spam as a result.”
On July 31, the site went down for several hours. Later, Barker said a bug in the system
had exposed a group of users to private users’ pages.
“This was not the result of a security breach,” Barker said in a
But something broke, just as precautions against misleading
applications seem to have failed to a degree.