Sophos: Facebook controversy after rogue APPS given green light to grab home addresses and phone numbers
January 2011 by Sophos
IT security and control firm Sophos is advising users of Facebook to remove their addresses and phone numbers from the site, after the social network plunged itself into controversy by announcing to developers that users’ off-site contact details will now be accessible programmatically.
In a move that, in the opinion of a Sophos security expert, could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.
"This change isn’t as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data," explained Graham Cluley, senior technology consultant at Sophos. "But it still sounds like a recipe for disaster, given the prevalence of rogue scam applications already on Facebook - all of which benefit from apparently being blessed by the Facebook name and brand."
Facebook is already plagued by rogue applications that post spam links to users’ walls, point users to survey scams that earn them commission - and sometimes even trick users into handing over their cellphone numbers to sign them up for a premium rate service.
Now, rogue app developers will find it easier than ever before to gather even more personal information from users.
Sophos believes that Facebook should be making a more publicly visible effort to eliminate rogue application providers first, before opening up such valuable and easily abused personal information to its developer community.
"Facebook told its alleged one million app developers how to ask users for permission to access this newly liberated data late on Friday night, but we already know many users don’t bother reading the small print and just click the button without thinking of the consequences," continued Cluley. "What they’ve failed to do is explain how Facebook will become more safety-conscious now that it has taken this controversial step."
Suggestions are flying around Twitter that users should change their mobile number to that of Facebook’s US customer service line, thus ensuring that any misuse of this new feature ends up paining Facebook.
Sophos advises that all Facebook users do the following:
* Remove your address and phone number from Facebook immediately. If Facebook doesn’t have this information, it can’t let it fall into the wrong hands. And you can’t be accused of deliberately giving false information.
* Review all your Facebook privacy settings. You can find a guide on how to do this at http://www.sophos.com/security/best...
* Join http://www.facebook.com/SophosSecurity for ongoing information about security risks and how to avoid them.
Read more about the issue, including screenshots and links to Facebook’s announcement, here: