Facebook Wasn’t Ready For Freddi

    August 14, 2007

Forty-one percent of Facebook users are willing to share their personal information, such as email address, date of birth and phone number with a stranger, increasing their risk of identity theft according to new research from IT security company Sophos.

Facebook Wasn't Ready For Freddi
Facebook Wasn’t Ready For Freddi

To conduct the research Sophos created a fake Facebook profile and sent out 200 random friends request using the profile name "Freddi Staur" (an anagram of "ID Fraudster") to see how many people would respond and how much personal information they could gather.

"It’s extremely alarming how easy it was to get users to accept Freddi. Eighty-seven users accepted Freddi, and of those, 82 provided their personal information in the process," said Ron O’Brien, senior security analyst at Boston-based Sophos.

"While it’s unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people’s personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing emails that they know the user is more likely to open."

Sophos research also found that 72 percent of respondents shared one or more email addresses, 84 percent listed their full date of birth and 78 percent listed their current address.

"Facebook’s privacy features are far more advanced than competing social networking sites; however, there is still human factor that must be taken into account. Most people wouldn’t give out their personal information to a stranger on the street, but online in the context of a friend request, they had no problem doing so, which can have significant ramifications for the individual," O’Brien continued.

"Further, it is also important for businesses to recognize the potential threat if these sites are utilized in the workplace. They can put significant strain on the network and can also expose confidential corporate data to malicious outsiders."