Facebook tools to help data thieves

New feature that allows Facebook apps to collect user addresses and cell phone numbers could easily be used by scammers

Just when you thought the conflagration over Facebook privacy issues was winding down, Facebook has stoked the fire once again.

On Friday, the social networking company announced that it had modified its platform to make users' home addresses and phone numbers accessible to developers. Obviously, there are legitimate uses for this sort of access to user data, but the downside for users who are not careful -- very careful -- seem to far outweigh the benefits.

Security expert Graham Cluley took the company to task for even allowing the information to be put in the developers' domain. "The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles," Cluley, a security consultant at antivirus firm Sophos, wrote in a post on Sunday. "You have to ask yourself: Is Facebook putting the safety of its 500-plus million users as a top priority with this move?"

For workers who use Facebook as a business tool, rogue developers' access to their information could make pre-attack reconnaissance easier, as well as open employees up to more focused social engineering attacks.

In the attacks against Google and other large technology firms over a year ago, for example, it's likely that attackers chose targets by dredging data from social networks and corporate sites. The companies affected by those attacks had valuable intellectual property compromised by the attackers, who likely have connections to China.

Giving developers the ability to make previously private data accessible outside of the original context (most people only make their phone number and address available to friends) sets a dangerous precedent. Facebook is stating in unequivocal terms that users are responsible for their own privacy -- and the company seems unwilling to help them in any way.

The best action for users? In Facebook Privacy Settings, you can disallow app access to personal information. Or better yet -- as Cluley suggests -- you can simply delete any phone numbers or addresses from Facebook.

This article, "Facebook tools to help data thieves," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog, and for the latest in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies