Facebook third-party application developers have been granted access to home addresses and mobile phone numbers of users, it has been warned.
Although members have to allow third-party applications to access such data, Sophos said the move by the social network could leave users in more danger from "rogue apps."
These apps can be found across Facebook, often posting spam to users' walls or linking to surveys which will earn the scammers money through commission.
Others have even tricked users into handing over their mobile numbers.
"Now, shady app developers will find it easier than ever before to gather even more personal information from users," said Graham Cluley, senior technology consultant at Sophos, in a blog.
"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."
The move will also open up more avenues for cyber criminals to steal someone's identity.
"It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends," Cluley added.
"Wouldn't it [be] better if only app developers who had been approved by Facebook were allowed to gather this information? Or - should the information be necessary for the application - wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?"
A Facebook spokesperson said developers have been handed the ability to request permission to access addresses and mobile phone numbers "to make applications built on Facebook more useful and efficient."
"You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission," the spokesperson added.
"As an additional step for this new feature, you're not able to share your friends' address or mobile information."
Koobface spreading
A variety of threats can be found on Facebook and Websense has warned a fresh Koobface scam has spread across the social network.
The illicit initiative has sent out direct messages from compromised accounts. One tactic employed by the cyber criminals was obfuscation of a malicious URL linked to in each message.
"Another tactic is the use of open redirects on the facebook.com domain itself. This gives the URL a more credible look (social engineering), as well as helping it pass basic security checks," Websense warned in a blog.
"Usually, Facebook alerts users if they're about to browse to a link outside of its domains, but no alert is triggered in this case."
-
Meta to pay $725 million in Cambridge Analytica lawsuit settlementNews The settlement closes the long-running lawsuit into how Facebook's owner, Meta, handled the Cambridge Analytica scandal
-
Meta's earnings are 'cause for concern' and 2023 looks even bleakerAnalysis Calls for investor faith in metaverse tech only emphasise the worries that its investment strategy won't pay off
-
Sophos Intercept X Advanced review: A huge range of endpoint protection measures for the priceReviews A superb range of security measures and a well-designed cloud portal make endpoint protection a breeze
-
Microsoft and Meta announce integration deal between Teams and WorkplaceNews Features from both business collaboration platforms will be available to users without having to switch apps
-
Facebook is shutting down its controversial facial recognition systemNews The move will see more than a billion facial templates removed from Facebook's records amid a push for more private applications of the technology
-
'Changing name to Meat': Industry reacts to Facebook's Meta rebrandNews The rebrand attempts to provide a clearer distinction between Facebook and its umbrella company
-
Facebook's Oversight Board demands more transparencyNews Board bashed the social media giant for its preferential treatment of certain high-profile accounts
-
Facebook claims AI managed to reduce hate speech by 50%News The social media platform has hit back at claims the tech it uses to fight hate speech is inadequate
