Risk
5/5/2010
10:46 AM
Connect Directly
RSS
E-Mail
50%
50%

Most Social Network Users Post Private Data

More than half of social network users post private information online, exposing themselves to malware and identity theft, study finds.

Caught up, perhaps, in the joy of reuniting with old friends and keeping up with new ones, Americans are putting themselves at risk by sharing too much personal information on social networking sites, a new study by Consumer Reports found.

Two-thirds of online households in the United States use Facebook or MySpace -- almost double the number in 2009, the magazine reported in the "State of the Net" report published in the June 2010 issue. In the study of 2,000 online households, 40% posted their full date of birth, potentially opening the door to identity theft.

About one-quarter of Facebook users with children posted their kids' names and pictures, which could expose them to predators, the magazine said. Seven percent of those polled include their home address. This, coupled with users' frequent postings of vacation or travel plans, create an open invitation to non-virtual thieves.

"Many people use social networking sites to share personal information and photos with their friends quickly and easily," said Jeff Fox, technology editor for Consumer Reports, in a statement. "However there are serious risks involved, which can be lessened by using privacy controls offered by the sites."

Almost one-tenth of respondents had experienced problems such as malware, identity theft, harassment or scams as a result of their participation in a social network, the study found.

Cybercrime cost U.S. consumers $4.5 billion over the last two years, Consumer Reports said. By comparison, cybercrime from data theft and security breaches cost businesses about $1 trillion worldwide, a 2009 McAfee study found.

Social networking sites typically offer varying degrees of privacy, yet 25% of Facebook households either did not know of them or chose not to use them, according to Consumer Reports. The site last updated its privacy settings on April 22. Facebook's recently unveiled plans to use "social plug-ins" to extend its reach could create even more confusion among end-users.

Earlier this year, Facebook began sharing some personal information about account-holders with Yelp, a business review service; Pandora, a music service site and Docs.com, a Microsoft site for spreadsheets and word processing. Some government officials, such as Sen. Chuck Schumer, D.-N.Y. and Sen. Mark Begich, D.-Alaska, are urging Facebook to adopt simpler privacy policies.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.