Sunday, January 30, 2011

Facebook enables one-click identity theft option for rogue application developers

In a rather odd and haphazard move, Facebook has now made it possible for apps to read your home address and mobile telephone number.

In the "Request for Permission" window -- the one you have to accept before using an app on the Facebook platform -- look out for "Access my contact information", with the subtitle "Current Address and Mobile Phone Number" (see image above). You'd think that such important details would deserve a bolder warning, instead of the usual faded gray -- but obviously not.

As Sophos' Naked Security blog points out, making such details available in a landscape that is already packed full of rogue spam and scam applications puts Facebook users at even greater risk. With your full name and home address, identity theft basically becomes a no-brainer -- and can you imagine the SMS spam that awaits the unlucky Facebooker that gives his phone number to the wrong app developer?

Still, even if you're not bothered by this (and you can always remove your home address or mobile number from Facebook), you have wonder what Facebook will do next. Facebook is quickly becoming The One True Internet Hub, and the wealth of data it knows about us is terrifying. If access to incredibly sensitive data can be reduced to a small-font subtitle in a cluttered permission box, it's only a matter of time until you accidentally press "Allow" and fritter away your entire life story to a random rogue developer.

Facebook enables one-click identity theft option for rogue application developers originally appeared on Download Squad on Sun, 16 Jan 2011 12:26:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

GOOGLE GOOGLE FORMFACTOR FISERV

No comments:

Post a Comment