KEY POINTS:
Facebook users were exposed to possible identity theft this week when the social networking site accidentally published THEIR personal information.
IT security specialist Sophos says that information belonging to many of Facebook's active users was inadvertently publically revealed as the site rolled out its new profile design.
Sophos consultant Graham Cluely says the slip-up by the website during a public beta test left birth date information visible - even if the member had requested it be kept confidential.
"I was shocked to see people's full date of birth revealed, even though I knew they had their privacy set up correctly to supposedly hide the information," said Cluley.
"It's essential that users of social networks should have confidence that their privacy will be protected - and it's especially important with information like your date of birth, which can be a golden nugget for a committed identity thief."
Sophos has published a video on its YouTube channel, demonstrating the security hole.
Cluley informed Facebook of the security mistake, and says it now appears to have been fixed.
Cluley says he informed Facebook as soon as he discovered the flaw, which now appears to have been fixed.
"It's good that Facebook fixed the problem - but can people feel confident that this kind of mistake won't happen again in future?" he asked.
"My advice to Facebook users would be, even if your date of birth is set to be non-visible, change it to a made-up date in case this kind of blunder happens again. Facebook and other social networking websites need to be more careful about protecting their members' data, or risk losing users."
A Sophos investigation into identity theft last year found that 41 per cent of Facebook users would divulge personal information like email addresses and their birth dates to a complete stranger.
- NZ HERALD STAFF
