Simple Facebook flaw put members at risk of identity theft

Simple Facebook flaw put members at risk of identity theft

Tags:   Facebook  identity theft  security flaw  Sophos

By Victor Ng | Jun 26, 2009

Thumbnail: 

IT security and control firm Sophos is again reminding Internet users that their personal information may be being placed at risk - and is perhaps best kept off the internet - following news that popular social networking website Facebook contained a flaw that could have allowed hackers to access sensitive profile information about any of the site's 200-million-plus users.

Sophos notes that this data, which includes date of birth, home town, gender, family members, relationship status and political and religious views, could then have been used to commit ID fraud.

The creators of blog FBHive.com discovered a simple hack that would show everything listed in a Facebook member's "Basic Information" panel, even if this information had been hidden by the user with the website's security settings. Using the security hole, FBHive was able to access personal information about Facebook CEO Mark Zuckerberg, Digg Founder Kevin Rose, and famous blogger Cory Doctorow.

The vulnerability has now been fixed by Facebook, but it is unknown if hackers have been using information exposed by the security flaw for criminal ends.

"It's great that Facebook has fixed this loophole, but disturbing that the vulnerability was there in the first place - as millions of Facebook users could potentially have been in danger of having information snatched which they believed to have been secured," said Graham Cluley, senior technology consultant at Sophos.

This isn't the first time that Facebook has found itself in the spotlight for not properly securing its users' information. Just last month, a security loophole was found that could have allowed identity thieves and spammers to gather users' personal email addresses.

Cluley added: "Maybe people need to learn that if they really want to be secure on social networks they shouldn't rely on the website keeping their data safe and sound - maybe it's better not to upload any personal information in the first place."

For a video of the hack discovered by FBHive, please visit: http://vimeo.com/5280042
 

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Outlook: Emerging security technology trends
As part of an ongoing discussion from IBM, this white paper helps us to gain a perspective on the security challenges organizations will face in the next few years. What fundamental technology trends are expected to impact organizations this and the following years? And how can organizations position themselves to profit from the myriad opportunities while managing the risk that inevitably accompanies them?
Top 10 challenges for managing emails
MessageLabs surveyed 157 IT professionals to understand the difficulties and opportunities faced by email managers. What kept them awake at night? What cost the most money or took the most time? And from these responses highlight some easy-to-manage solutions to their most pressing problems. This paper presents the results of the survey and actionable recommendations.
 
 
 
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
Budget-conscious NGO cuts costs and improves IT productivity with Symantec
St James' Settlement reduces staff time spent on data protection administration by 80% and on software inventories by almost 100%.
 
 
 

Recent popular content

Most Read
Tripwire steps into SIEM territory
What to do with Microsoft SMB2 vulnerability
Internet Explorer vulnerabities cause data leakage
Microsoft expands SDL program
Top 10 challenges for managing emails

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS