Facebook sharing addresses and phone numbers?

Social network

Facebook third-party application developers have been granted access to home addresses and mobile phone numbers of users, it has been warned.

Although members have to allow third-party applications to access such data, Sophos said the move by the social network could leave users in more danger from "rogue apps."

These apps can be found across Facebook, often posting spam to users' walls or linking to surveys which will earn the scammers money through commission.

Others have even tricked users into handing over their mobile numbers.

"Now, shady app developers will find it easier than ever before to gather even more personal information from users," said Graham Cluley, senior technology consultant at Sophos, in a blog.

"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."

The move will also open up more avenues for cyber criminals to steal someone's identity.

"It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends," Cluley added.

"Wouldn't it [be] better if only app developers who had been approved by Facebook were allowed to gather this information? Or - should the information be necessary for the application - wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?"

A Facebook spokesperson said developers have been handed the ability to request permission to access addresses and mobile phone numbers "to make applications built on Facebook more useful and efficient."

"You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission," the spokesperson added.

"As an additional step for this new feature, you're not able to share your friends' address or mobile information."

Koobface spreading

A variety of threats can be found on Facebook and Websense has warned a fresh Koobface scam has spread across the social network.

The illicit initiative has sent out direct messages from compromised accounts. One tactic employed by the cyber criminals was obfuscation of a malicious URL linked to in each message.

"Another tactic is the use of open redirects on the facebook.com domain itself. This gives the URL a more credible look (social engineering), as well as helping it pass basic security checks," Websense warned in a blog.

"Usually, Facebook alerts users if they're about to browse to a link outside of its domains, but no alert is triggered in this case."

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.