BOSTON -- IT security and control firm Sophos is calling on Facebook to improve its default privacy settings following new research that revealed members are unwittingly exposing their personal details on a mass scale to millions of strangers, putting themselves at risk of identity theft.
Sophos took a random snapshot of 200 users in the London Facebook network, which is the single largest geographic network on the site, with more than 1.2 million members, and found that a staggering 75 percent allow their profiles to be viewed by any other member regardless of whether they agreed to be friends. Sophos has seen evidence that Facebook users in other geographic regions are similarly exposing personal information to complete strangers, and notes that the scale of these member networks (Toronto has more than 866,000 members, Vancouver more than 476,000, New York more than 421,000) indicates how enticing this social networking site can be for cybercriminals.
Worryingly for businesses, 25 percent of London members reveal information relating to their work - details that could potentially be used by cybercriminals in their attempts to commit corporate ID fraud or to infiltrate company networks.
Facebook is made up of thousands of networks worldwide, and users are encouraged to join them in order to meet and make friends with people in their area. Even if you have previously set up your privacy settings to ensure that only friends can view your information, joining a network automatically opens your profile to every other member of the network. Sophos experts note that this is a worrying situation, particularly given the growing popularity of these networks. For instance, in May 2007, there were just 375,000 Facebook members in the London network, a three-fold increase in just four months means that an unprecedented amount of personal and corporate information is now available for strangers to view.
"I was flabbergasted when I joined a network on Facebook using a profile that I thought was secure, only to find Facebook had changed a number of settings and was opening me up to millions of strangers. Who was to say that cybercriminals weren't in that network too? Is it right that Facebook works this way?" said Graham Cluley, senior technology consultant at Sophos. "While Facebook's privacy features are far more sophisticated than competing social networking sites, too many members still aren't getting the message about how to use them effectively to help protect against ID theft. Facebook has ultimately put these privacy options in place to protect its flock so perhaps it's time for the networking phenomenon to take the next step and change its default settings so that when members join a network, they have to actively click to leave their details on show, rather than automatically letting it all hang out online."