Users of social network sites may be far more vulnerable to financial loss, identity theft and malware infection than they realise, according to new research from Internet security firm Webroot.
The research consulted over 1,100 users of the most popular social network sites, including Facebook, LinkedIn, MySpace and Twitter. According to Webroot, the findings indicated a lack of awareness about the risks of using social network sites and in particular the information that users upload to the sites.
The vast majority (80%) of respondents claimed that they allow at least part of their profiles to be searchable through Google or other public search engines while 73% do not restrict any profile information from being visible through public search. Over half (59%) are unsure who can see their profile.
The survey also found that 28% of people accept friend requests from people they do not know.
People are worried about security on social network sites, with 78% voicing concern over the privacy of the information they share in their profiles. However, 36% use the same password across multiple sites. Using the same password on various sites was more common among younger people, the survey found, with 51% of 18-29 year olds doing this compared to 36% overall.
Young people are also far more likely to share personal information on social network sites. 67% share birthday information compared to 52% overall; 62% share home town versus 50% overall; and 45% share employer information compared to 35% overall.
“The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth,” said Mike Kronenberg, chief technology officer of Webroot’s Consumer business.
“Three in ten people Webroot polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorised password changes and ‘friend in distress’ money-stealing scams,” Kronenberg said. “The first step to staying protected is being aware of what the threats are and knowing how to help prevent them.”
Social network sites have come under a lot of scrutiny recently with a number of phishing attacks launched on Facebook and Twitter. Micro-blogging site Twitter was struck by a malware attack over the 2009 Easter weekend, which resulted in Twitter identifying and deleting almost 10,000 tweets that could have continued to spread a worm.
In May 2009 a French hacker claimed he accessed the account of a Twitter employee with administrative rights, enabling him to access accounts belonging to US president Barack Obama and singers Britney Spears and Lily Allen. Information such as email addresses, mobile phone numbers and information about other Twitter accounts that had been blocked by the user was compromised.
Facebook was recently hit by a security flaw that could have exposed personal user information including date of birth, home town, gender, family members, relationship status and political and religious views, whether the user had hidden the information or not.
Research from security firm Sophos revealed that two thirds of businesses think social networking is a security risk, as IT admins believe that employees share too much personal information via their social networking profiles.
