How Secure is Facebook?

Numerous news articles about Facebook security flaws may have social networkers think twice before joining this rapidly growing site. In spite of highly publicized Facebook security alerts and rumors, the site boasts an impressive 400 million active users⁽¹⁾, half of whom visit the site daily. With roughly 70 percent of Facebook members living or staying outside of the United States, Facebook security issues take on a decidedly international flavor.

The security risks of Facebook are in part the site’s greatest attraction: rich feature content. Numerous applications – most notably photos, user-provided links, games, groups, gifts and the marketplace – offer copious entry ways for hackers and malicious content providers to ply their trades.

In particular the Facebook games open up doors to numerous potential problems. Take for example the Facebook games security risk a player of the widely popular Vampire Wars or Farm Town applications undertakes. When adding strangers as friends – more game-playing “friends” translates into faster and higher leveling – she opens up private information and communications to a host of unknowns.

Even if an Internet user sets up a highly secure password and remembers to change all Facebook security settings to the most private level possible, there is still another risk. One of the commonly exploited Facebook security flaws is the site’s growing need of third-party Java applications for games but also other features.

When first signing into a new application, the user acknowledges that login information is shared with the third party. After accepting this condition, there is no further explanation as to what happens to the login information, for how long it will remain on record or even who has extended access to it.

Of course, not all security flaws on Facebook are the site’s fault or of its own making. In some cases the user also bears the burden of divulging information that she should hold onto. For example, a 2007 Dark Reading article⁽²⁾ revealed that some of the just-for-fun applications on the site – notably those that would reveal a user’s "stripper name" or some such fun – actually cobble it together from the user’s mother’s maiden name and perhaps also a first pet’s name.

Anyone doing online banking knows that this kind of information also frequently factors into security questions asked by banks and other online account-holding businesses. With the stripper name proudly displayed for all to see on a Facebook user’s wall, it is only a matter of time before a hacker figures out the user’s answers to security questions. The leap to identity theft of other forms of cybercrime is indeed a small one.

While it may not be possible to keep everything private on Facebook, the user should consider using the site for either only business or only pleasure. Keeping work info away from pleasurable social networking decreases the risk of inviting hackers looking for corporate information. Concurrently, minimizing posting of private information – mother’s maiden name, a first pet’s name or a place of birth – greatly enhances the Facebook user’s data security outside of Facebook.

1. Facebook. “Press Room: Statistics” (accessed February 25, 2010)
2. Dark Reading. “Experts: Security Flaws Vary on Social Networking Sites” (accessed February 25, 2010)