Jul 25 2008 : Social networking site Facebook has experienced a data breach which put millions of users at risk of ID fraud, an IT security firm has revealed.
During a public beta test of a new version of the site, Facebook accidentally exposed its members' full date of birth, reports UK-based Sophos. The breach included members who had specified they wanted the information kept secret. Anyone logging on to Facebook during the breach would have been able to see other members' date of birth, regardless of privacy settings in place. Facebook, which has around 80 million active users worldwide, has now fixed the problem, Sophos says. This follows another breach in March 2008, where users' photos could be seen by anyone. These breaches highlight the problems associated with social networking sites, warns fraud prevention firm Equifax. "Access to the date of birth of millions of users provides a golden opportunity for fraudsters," says Neil Munroe, Equifax's UK external affairs director. "It's frightening how little data fraudsters need to be able to open accounts in an individual's name, rack up huge debts, and leave the victim, at best, spending hundreds of hours sorting out the problem and, at worse, picking up the bill." Munroe says that many social networking users fail to realize how valuable their personal information is. "An Equifax survey last year found that, of those using social networking sites, 21 percent did not use the privacy setting at all," he says. The survey found that 87 percent of respondents had their full name and 38 percent their date of birth on their social networking profile. Also, 27 percent placed their education history online and 26 percent did the same with their work history. "Social networkers must think carefully about what information they put online," Munro says. "We advise people to put only the most basic of personal details on social networking sites, making it harder for ID fraudsters."