Search My Blog

Sunday, January 16, 2011

Facebook enables one-click identity theft option for rogue application developers

Facebook enables one-click identity theft option for rogue application developers

In a rather odd and haphazard move, Facebook has now made it possible for apps to read your home address and mobile telephone number.

In the "Request for Permission" window -- the one you have to accept before using an app on the Facebook platform -- look out for "Access my contact information", with the subtitle "Current Address and Mobile Phone Number" (see image above). You'd think that such important details would deserve a bolder warning, instead of the usual faded gray -- but obviously not.

As Sophos' Naked Security blog points out, making such details available in a landscape that is already packed full of rogue spam and scam applications puts Facebook users at even greater risk. With your full name and home address, identity theft basically becomes a no-brainer -- and can you imagine the SMS spam that awaits the unlucky Facebooker that gives his phone number to the wrong app developer?



No comments: