Just days after pieces of Facebook’s source code leaked far and wide, a new report claims the social networking site’s users are more vulnerable to identity theft due to the information they’re willing to reveal online. Sophos, a Boston-based security firm, found that 41 percent of Facebook users will divulge personal information to a stranger, including birth dates, phone numbers, and e-mail addresses.
The firm conducted their study by creating a fake Facebook profile with the curious name of “Freddi Staur.” After filling in some details about their fictional test subject, including posting a picture of Freddi – a green plastic frog – the team invited 200 random Facebook users to befriend him. Eighty-seven clueless users accepted Freddi as a friend, and of them, 82 had their profiles configured to reveal personal information to friends.
Much of the information Sophos obtained could be used by fraudsters to steal users’ identities or even just spam them more effectively. For instance, knowing a birthday could be used to trick someone into thinking a malicious e-mail virus is actually a birthday card. Even more troubling, one user gave away his mother’s maiden name, a common security measure for banks.
"What’s worrying is how easy it was for Freddi to go about his business,” said Graham Cluely, a senior technology consultant at Sophos, in a statement. “He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users’ passwords, impersonate them or even stalk them.”
In response to their startling findings, the Sophos team has posted a Facebook best-practice guide advising users how much information they can safely divulge.
