Risk
5/5/2010
10:46 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Most Social Network Users Post Private Data

More than half of social network users post private information online, exposing themselves to malware and identity theft, study finds.

Caught up, perhaps, in the joy of reuniting with old friends and keeping up with new ones, Americans are putting themselves at risk by sharing too much personal information on social networking sites, a new study by Consumer Reports found.

Two-thirds of online households in the United States use Facebook or MySpace -- almost double the number in 2009, the magazine reported in the "State of the Net" report published in the June 2010 issue. In the study of 2,000 online households, 40% posted their full date of birth, potentially opening the door to identity theft.

About one-quarter of Facebook users with children posted their kids' names and pictures, which could expose them to predators, the magazine said. Seven percent of those polled include their home address. This, coupled with users' frequent postings of vacation or travel plans, create an open invitation to non-virtual thieves.

"Many people use social networking sites to share personal information and photos with their friends quickly and easily," said Jeff Fox, technology editor for Consumer Reports, in a statement. "However there are serious risks involved, which can be lessened by using privacy controls offered by the sites."

Almost one-tenth of respondents had experienced problems such as malware, identity theft, harassment or scams as a result of their participation in a social network, the study found.

Cybercrime cost U.S. consumers $4.5 billion over the last two years, Consumer Reports said. By comparison, cybercrime from data theft and security breaches cost businesses about $1 trillion worldwide, a 2009 McAfee study found.

Social networking sites typically offer varying degrees of privacy, yet 25% of Facebook households either did not know of them or chose not to use them, according to Consumer Reports. The site last updated its privacy settings on April 22. Facebook's recently unveiled plans to use "social plug-ins" to extend its reach could create even more confusion among end-users.

Earlier this year, Facebook began sharing some personal information about account-holders with Yelp, a business review service; Pandora, a music service site and Docs.com, a Microsoft site for spreadsheets and word processing. Some government officials, such as Sen. Chuck Schumer, D.-N.Y. and Sen. Mark Begich, D.-Alaska, are urging Facebook to adopt simpler privacy policies.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web