Many folks already had big concerns about their privacy on Facebook, but a change in policy could increase the risk.
The social networking site recently announced that developers of third-party apps can now access users’ personal information, including phone numbers and home addresses.
To get that info, developers must first ask permission in the form of a dialogue box with options to “Allow” or “Don’t Allow.” But as security vendor Sophos’s Graham Cluly points out, there are a number of attacks taking place that trick people into granting that permission.
There are already plenty of rogue applications that send spam and steal data — this new feature just makes it easier for criminals to commit identity theft, Cluly says.
The ability to access personal data is not limited to approved developers or developers making apps with a legitimate need for that information. It’s all Facebook app developers, and they aren’t all on the up-and-up.
That puts personal information at risk, and for people who use the site for business purposes, rogue developers could gather information as reconnaissance for other hacks or for sophisticated social engineering attacks.
His advice: Just delete phone numbers and addresses from your profile entirely.
You can pass that advice on to your company’s users for their personal and businesses accounts — and remind them to check privacy settings and avoid posting potentially sensitive company information to the site.