Facebook users make their personal data easy to retrieve, researchers say
Here's a story that will make you think twice about what you share on Facebook. Researchers with the University of British Columbia's NetSysLab let loose what are called "socialbots" on Facebook, and came away with 250 gigabytes of personally identifiable data. The results of the study show that Facebook users need to be much more cognizant of exactly what they share, and who they add as friends.
A socialbot is a bot that comes in the form of a faked user profile. The bot friend requests users on the site, and then once the requests are accepted, it downloads the personal information on the profile. NetSysLab researchers report a success rate of up to 80 percent in tricking Facebook users into adding the fake profiles and making matters worse, Facebook's protective measures did little to detect or prevent the researcher's infiltration.
Three years ago the social network created the Facebook Immune System, which has since evolved into a complex set of algorithms that inspects nearly every status and action on the site. It is intended to detect suspicious patterns of behavior, but NetSysLab researchers say it did little to prevent their efforts.
Researchers found that one in five Facebook users it initially targeted accepted friend requests from the bots even though they had no mutual friends. This increased to a 60 percent success rate among its friends of friends, allowing the 102 socialbots on the network to amass 3,000 friends within just the first few weeks of the eight week study.
About 46,500 Facebook users were affected, with 14,500 of them also having their physical address mined from their profile. The success with which these researchers had in not only adding Facebook users at random -- but also retrieving personal details -- should raise a red flag.
Security firm Sophos recommends that users practice caution in who they add on Facebook, and only share personal information with their closest friends. "You can choose to make people 'limited friends' who only have access to a cut-down version of your profile if you wish", the firm says. "This can be useful if you have associates who you do not wish to give full friend status to, or feel uncomfortable sharing personal information with".
Moral of the story? Don't add people you don't know.
Photo Credit: De Mango/Shutterstock