Facebook enables one-click identity theft option for rogue application developers
In a rather odd and haphazard move, Facebook has now made it possible for apps to read your home address and mobile telephone number.
In the "Request for Permission" window -- the one you have to accept before using an app on the Facebook platform -- look out for "Access my contact information", with the subtitle "Current Address and Mobile Phone Number" (see image above). You'd think that such important details would deserve a bolder warning, instead of the usual faded gray -- but obviously not.
As Sophos' Naked Security blog points out, making such details available in a landscape that is already packed full of rogue spam and scam applications puts Facebook users at even greater risk. With your full name and home address, identity theft basically becomes a no-brainer -- and can you imagine the SMS spam that awaits the unlucky Facebooker that gives his phone number to the wrong app developer?
Still, even if you're not bothered by this (and you can always remove your home address or mobile number from Facebook), you have to wonder what Facebook will do next. Facebook is quickly becoming The One True Internet Hub, and the wealth of data it knows about us is terrifying. If access to incredibly sensitive data can be reduced to a small-font subtitle in a cluttered permission box, it's only a matter of time until you accidentally press "Allow" and fritter away your entire life story to a random rogue developer.

Comments
Drakkenfyre, Jan 16th 2011 1:49PM
I have a better protection against accidentally clicking an Allow on something like that. I don't use Facebook.
Sebastian Anthony, Jan 16th 2011 1:50PM
@Drakkenfyre You obviously don't have 1,000 REALLY CLOSE FRIENDS, like me.
axertion, Jan 16th 2011 2:02PM
In the end, the security of each individual lies in THAT individual's actions.
You can't blame Facebook for allowing access to the information you provided them in the first place. Does Facebook have my address? No.
If it's anyone's fault their identity was stolen online, it's that person's.
Fez, Jan 16th 2011 3:40PM
@axertion
It's normal to expect a website that you have trusted with your information and that did not breach your privacy previously to continue doing so. Facebook just keeps on making these changes without letting their users know. It's crazy =\
kojo87, Jan 16th 2011 4:14PM
@axertion
you're absolutely right. you can't protect people from themselves. it ASKS you to allow the application. if i ASK you to give me your social security number and credit card information and you willingly do so, you're just an idiot. the problem is people trust Facebook way too much. many people don't even realize these applications can access their info at all. they just click accept so they can find out who their 5 top crushes are.
my 13 year old brother just got on Facebook. i asked him a few questions about his security and what info he made available and it quickly became clear he had no idea what he was doing. his password was his name for crying out loud! the fact that they even allow 13 year old on Facebook shows they are just looking to get the most users possible without caring about their safety or security.
Sebastian Anthony, Jan 16th 2011 7:29PM
@axertion I've never bought this argument.
It's along the same lines as 'if we didn't have cars, there wouldn't be car accidents'.
Or even 'it's not guns that kill people; people kill people!'
The fact is, humans aren't 100% sensible. We act irrationally _all the damn time_. Hide a photo of a naked woman behind a Facebook permission box, and I bet a bunch of guys would click through without reading.
That's how most malware works, by the way! Very few people in their _right mind_ would do something stupid. We're analytical creatures, after all. But it's very easy to make a human act out of sorts -- and thus very easy for such a feature to be exploited.
Fez, Jan 16th 2011 3:38PM
This makes me really sad. I wish I didn't need to use Facebook but sadly it's unavoidable. After reading this though I'm going to make sure that I remove all of mine and the gf's mobile/address info off of there.
mko, Jan 16th 2011 7:11PM
@kojo87 No offense but a regular 13 year old has to be smarter than that.
I certainly had better passwords back when I was 13 or even 11
NyaR, Jan 16th 2011 9:56PM
I run this privacy statement / TOS on my facebook app:
"ALL INFORMATION SUBMITTED WILL BE COLLECTED"
You know the best way to avoid submitting this info? Not letting facebook know your home address in the first place.
Don, Jan 17th 2011 12:54AM
Pardon me while I check my privacy options.
Dan, Jan 17th 2011 8:25PM
Here is another Facebook Identity theft uncovered:
http://usefulfor.me/2011/01/protect-yourself-against-facebook-fraud-identity-theft-fake-facebook-time-checker/
Maverick, Jan 18th 2011 1:19PM
Why even put your address in facebook! what use could it be for?
Sebastian Anthony, Jan 18th 2011 1:22PM
@Maverick Because it's useful for friends/family to be able to look it up. Same with mobile number!