A new danger for the large number of facebook users across the world, Sophos security experts have said that third-party application developers can now access your home address and mobile phone number.
"This change isn't as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data," explained Graham Cluley, Senior Technology Consultant at Sophos. "But it still sounds like a recipe for disaster, given the prevalence of rogue scam applications already on Facebook - all of which benefit from apparently being blessed by the Facebook name and brand."
Facebook is the most popular online social networking site in the world and was plagued by numerous security breaches recently. There were instances of posting of spam links to users' walls, point users to survey scams that earn them commission - and sometimes even trick users into handing over their cell phone numbers to sign them up for a premium rate service. But the recent finding will lead to personal information being compromised.
Sophos has said in no uncertain terms that Facebook should do more to curb rogue application providers before they can unleash a damaging attack on users' privacy. "Facebook told its alleged one million app developers how to ask users for permission to access this newly liberated data late on Friday night, but we already know many users don't bother reading the small print and just click the button without thinking of the consequences. What they've failed to do is explain how Facebook will become more safety-conscious now that it has taken this controversial step," added Cluley.Sophos has said that to be on the safer side to remove the address and phone number of users' from Facebook immediately. They are also encouraged to review their privacy settings.
Facebook in reply through its blog said that members would need to explicitly grant permission for apps to tap into their contact information. And they would only be able to grant that permission for their own data - users can't choose to allow access to their friends' contact information.