Facebook sharing addresses and phone numbers?

Third-party Facebook app developers have been granted access to user addresses and mobile numbers.

Social network

Facebook third-party application developers have been granted access to home addresses and mobile phone numbers of users, it has been warned.

Although members have to allow third-party applications to access such data, Sophos said the move by the social network could leave users in more danger from "rogue apps."

These apps can be found across Facebook, often posting spam to users' walls or linking to surveys which will earn the scammers money through commission.

Others have even tricked users into handing over their mobile numbers.

"Now, shady app developers will find it easier than ever before to gather even more personal information from users," said Graham Cluley, senior technology consultant at Sophos, in a blog.

"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."

The move will also open up more avenues for cyber criminals to steal someone's identity.

"It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends," Cluley added.

"Wouldn't it [be] better if only app developers who had been approved by Facebook were allowed to gather this information? Or - should the information be necessary for the application - wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?"

A Facebook spokesperson said developers have been handed the ability to request permission to access addresses and mobile phone numbers "to make applications built on Facebook more useful and efficient."

"You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission," the spokesperson added.

"As an additional step for this new feature, you're not able to share your friends' address or mobile information."

Koobface spreading

A variety of threats can be found on Facebook and Websense has warned a fresh Koobface scam has spread across the social network.

The illicit initiative has sent out direct messages from compromised accounts. One tactic employed by the cyber criminals was obfuscation of a malicious URL linked to in each message.

"Another tactic is the use of open redirects on the facebook.com domain itself. This gives the URL a more credible look (social engineering), as well as helping it pass basic security checks," Websense warned in a blog.

"Usually, Facebook alerts users if they're about to browse to a link outside of its domains, but no alert is triggered in this case."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
Big tech companies put political donations on hold following Capitol riots
Business strategy

Big tech companies put political donations on hold following Capitol riots

12 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021