Facebook was informed of the problem yesterday, and said it had since fixed the bug. A spokesperson said: “We take privacy very seriously and continue to make enhancements to the site.”
The breach came on the same day (26 March) that ministers were urged to ban companies from using websites such as Facebook to gain an insight into potential employees, a process termed ‘digital dirt-digging’.
The Information Commissioner’s Office recently reiterated its warning about the risk of posting details on social networking sites after a report was released suggesting that the amount of information stored online about our lives will grow by a factor of ten by 2011.
Mike Smart of Secure Computing comments that the Facebook breach highlights how the social networking world is still evolving and “continues to harbour a host of potential threats to personal and sensitive information”. Smart also expressed worry that many organisations have inadequate safeguards to prevent confidential or defamatory information being leaked. “Users accessing social networking sites from work leave their organisation vulnerable to hackers…Organisations need to protect themselves from the websites their employees are accessing through implementing robust security on their networks”.
David Lavenda of WorkLight empathises with Secure Computing’s Mike Smart. “Just imagine what would happen if a B2C (business to consumer) document such as an employment contract were to leak in this way. The potential employee could see his or her personal details, including bank and national insurance numbers, leaking out to third parties”, he said in connection to the Facebook breach. Lavenda concluded that business access to Web 2.0 sites can produce compelling cost and working efficiencies, but that businesses should be ready to implement appropriate security measures.