Facebook tools to help data thieves

From InfoWorld: Just when you thought the conflagration over Facebook privacy issues was winding down, Facebook has stoked the fire once again.

On Friday, the social networking company announced that it had modified its platform to make users' home addresses and phone numbers accessible to developers. Obviously, there are legitimate uses for this sort of access to user data, but the downside for users who are not careful -- very careful -- seem to far outweigh the benefits.

Security expert Graham Cluley took the company to task for even allowing the information to be put in the developers' domain. "The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles," Cluley, a security consultant at antivirus firm Sophos, wrote in a post on Sunday. "You have to ask yourself: Is Facebook putting the safety of its 500-plus million users as a top priority with this move?"

For workers who use Facebook as a business tool, rogue developers' access to their information could make pre-attack reconnaissance easier, as well as open employees up to more focused social engineering attacks.

In the attacks against Google and other large technology firms over a year ago, for example, it's likely that attackers chose targets by dredging data from social networks and corporate sites. The companies affected by those attacks had valuable intellectual property compromised by the attackers, who likely have connections to China.

View: Article @ Source Site