Facebook privacy threats lurking in new Graph Search: What to do about it

Protecting Facebook privacy is getting tougher as new features and policies make it easier to find information on all users of the social networking site. Here are some tips you can pass along to employees to help keep them safe. 

When Facebook’s Graph Search was first announced earlier this year, many privacy experts warned of the potential security implications.

Graph Search, essentially, is a search engine that allows users to search for keywords and get results from their own social circle, rather than the Internet as a whole. IT security experts have argued that this will make it easier to dig up information on people that can be used in phishing attacks and other scams.

Those fears became even more prevalent after Facebook announced it was removing the option to decide whether or not a profile could be found using Graph Search.

It’s not just users who should be heeding those warnings. Facebook privacy issues can be dangerous for businesses, too, as hackers often turn to social networks to try to steal important passwords from executives and other key people.

Help for phishing attacks

A recent security test showed how those hackers can use Graph Search to their advantage. A high-profile public figure in Hong Kong hired security firm Trustwave to see if his passwords could be stolen.

The researchers succeeded by launching a phishing attack using information gathered through Facebook’s Graph Search. They developed a tool called FBStalker that can help mine data from searches that can be used in those attacks.

The point, Trustwave says, is that even when information in someone’s profile is hidden from the public, data can be gleaned from the person’s connections — for example, using photos and posts in which others have tagged the target. Graph Search makes it easier and faster to find those details.

In the case of Trustwave’s Hong Kong client, the researchers were able to learn that his wife ran a Pilates studio and used that information to launch a phishing attack. That allowed them to install malware on a computer the two shared, which in turn gave them access to the client’s passwords.

Facebook privacy tips for users

Here are some tips you can pass along to users who are concerned about their Facebook privacy. They can also help protect sensitive company information:

  • Delete anything you want to be private. Of course, the first rule of social networking privacy still applies: If you absolutely don’t want anyone to see something, don’t post it.
  • Hide your profile from “friends of friends.” One issue pointed out by some observers is that Graph Search will be able to access data posted by people on their friends list – as well as people on their friends’ friends lists. To keep people they don’t know away from their data, users can find the privacy settings listing who can see info from their timeline and make sure “friends,” rather than “friends of friends,” is selected.
  • Hide past posts. The step above will regulate who can see future posts, but Facebook privacy settings require users to set separate rules for what’s already there. Users can find the setting labeled “Limit the audience for old posts on your timeline” and make changes there.
