Social networking site Facebook has been struck by another security flaw that could have exposed personal user information such as date of birth and home town.
The flaw was exposed by the creators of the blog FBHive.com, who discovered a hack that would show everything listed in a Facebook member’s Basic Information panel, whether the user had hidden this information or not.
Security vendor Sophos claimed this data could include date of birth, home town, gender, family members, relationship status and political and religious views, and could be used to commit ID fraud.
Facebook says it has now fixed the flaw. “It’s great that Facebook has fixed this loophole, but disturbing that the vulnerability was there in the first place – as millions of Facebook users could potentially have been in danger of having information snatched which they believed to have been secured,” Cluley said.
It is not the first security issue to hit the hugely popular social networking site – which claims over 200 million users. Its recent introduction of personal URLs raised the possibility of cyber-squatters grabbing a trademarked name and misusing it.
“This isn’t the first time that Facebook has found itself in the spotlight for not properly securing its users’ information. Just last month, a security loophole was found that could have allowed identity thieves and spammers to gather users’ personal email addresses, said Graham Cluley, senior technology consultant at Sophos.
Cluley warns that users should be very careful about they types of data they store online.
“Maybe people need to learn that if they really want to be secure on social networks they shouldn’t rely on the website keeping their data safe and sound – maybe it’s better not to upload any personal information in the first place,” he said.
