Facebook members at risk of identity theft 
(24/06/2009)
Personal information may be being placed at risk - and is perhaps best kept off the internet - following news that popular social networking website Facebook contained a flaw that could have allowed hackers to access sensitive profile information about any of the site's 200 million plus users.
Sophos notes that this data, which includes date of birth, home town, gender, family members, relationship status and political and religious views, could then have been used to commit ID fraud.
The creators of blog FBHive.com discovered a simple hack that would show everything listed in a Facebook member's "Basic Information" panel, even if this information had been hidden by the user with the website's security settings. Using the security hole, FBHive was able to access personal information about Facebook CEO Mark Zuckerberg, Digg Founder Kevin Rose, and famous blogger Cory Doctorow.
The vulnerability has now been fixed by Facebook, but it is unknown if hackers have been using information exposed by the security flaw for criminal ends.
"It's great that Facebook has fixed this loophole, but disturbing that the vulnerability was there in the first place - as millions of Facebook users could potentially have been in danger of having information snatched which they believed to have been secured," said Graham Cluley, senior technology consultant at Sophos.
"Of course, this isn't the first time that Facebook has found itself in the spotlight for not properly securing its users' information. Just last month, a security loophole was found that could have allowed identity thieves and spammers to gather users' personal email addresses. Maybe people need to learn that if they really want to be secure on social networks they shouldn't rely on the website keeping their data safe and sound - maybe it's better not to upload any personal information in the first place."
Related topics: Data management and data security Hacking and intrusion prevention Internet and Web security Security threats and vulnerabilities
Print version | 
Email to a friend | 
Related articles
Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.
Other Security news and resources
Security News
Suppliers Directory
Jobs forum
Classifieds
Knowledge base
White papers
Research library
Security books
Special reports
Security interviews
Security companies
Security events
Security links
Security market
Product channels
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
