Live

Watch CBSN Live

Five Hidden Dangers of Facebook

Facebook claims it has 400 million users. But are they well-protected from prying eyes, scammers and unwanted marketers?

Not according to Joan Goodchild, senior editor of CSO (Chief Security Officer) Online.

She says your privacy may be at far greater risk of being violated than you know when you log onto Facebook, due to security gaffes or marketing efforts by the company.

Facebook came under fire this week, when 15 privacy and consumer protection organizations filed a complaint with the Federal Trade Commission, charging that the site, among other things, manipulates privacy settings to make users' personal information available for commercial use. Also, some Facebook users found their private chats accessible to everyone on their contact list - a major security breach that's left a lot of people wondering just how secure the site is.

In two words, asserts Goodchild - not very.

On "The Early Show on Saturday Morning," she spotlighted five dangers she says Facebook users expose themselves to, probably without aware of it:

• Your information is being shared with third parties

• Privacy settings revert to a less safe default mode after each redesign

• Facebook ads may contain malware

• Your real friends unknowingly make you vulnerable

• Scammers are creating fake profiles

Is Facebook a secure platform to communicate with your friends?

Here's the thing; Facebook is one of the most popular sites in the world. … Security holes are being found on a regular basis. … It is not as inherently secure as people think it is when they log on every day.

Certainly, there are growing pains. Facebook is considered a young company and it has been around a few years now. It is continuing to figure this out. They are so young they are still trying to figure out how they are going to make money. They don't even have a revenue model yet. It is hard to compare this to others; we have never had this phenomenon before in the way people are communicating with each other - only e-mail comes close.

The potential for crime is real. According to the Internet Crime Complaint Center, victims of Internet-related crimes lost $559 million in 2009. That was up 110 percent from the previous year. If you're not careful using Facebook, you are looking at the potential for identity theft, or possibly even something like assault if you share information with a dangerous person you think is actually a "friend." One British police agency recently reported the number of crimes they've responded to in the last year involving Facebook climbed 346 percent. These are real threats.

Lately, it seems a week doesn't go by without some new news about a Facebook-related security problem.

Earlier this week, a publication called "TechCrunch" discovered a security hole that made it possible for users to read their friends' private chats. Facebook has since patched it, but who knows how long that flaw existed? Some speculate it may have been that way for years.

Last month, researchers at VeriSign's iDefense group discovered a hacker was selling Facebook user names and passwords in an underground hacker forum. It was estimated he had about 1.5 million accounts - and was selling them for between $25 and $45.

And the site is constantly under attack from hackers trying to spam these 400 million users, or harvest their data, or run other scams. Certainly, there is a lot of criticism in the security community of Facebook's handling of security. Perhaps the most frustrating thing is that the company rarely responds to inquiries.

Do people really have privacy on Facebook?

No. There are all kinds of ways third parties can access information about you. For instance, you may not realize that, when you are playing the popular games on Facebook, such as Farmville, or take those popular quizzes, every time you do that, you authorize an application to be downloaded to your profile that you may not realize gives information to third parties.

Does Facebook share info about users with third parties through things such as Open Graph?

Open Graph is a new concept for them - they unveiled it last week at a conference. It actually is basically a way to share the information in your profile with all kinds of third parties, such as partner websites, so they can have a better idea of your interests and what you are discussing, so they can - as they portray it - "make it a more personal experience."

The theory behind Open Graph - even if they have not implemented it - is their whole business model, isn't it?

Well, that is the business model - they are trying to get you to share as much information as possible so they can monetize it by sharing it with advertisers.

Isn't it in Facebook's best interest to get you to share as much info as possible?

It absolutely is. Facebook's mission is to get you to share as much information as it can so it can share it with advertisers. As it looks now, the more info you share the more they are going to with advertisers and make more money.

It is not only sharing the information: Isn't there a security problem every time they redesign the site?

Every time Facebook redesigns the site, which happens at least a few times a year, it puts your privacy settings back to a default in which, essentially, all of your information is made public. It is up to you, the user, to check the privacy settings and decide what you want to share and what you don't want to share.

Facebook does not notify you of the changes, and your privacy settings are set back to a public default. Many times, you may find out through friends. Facebook is not alerting you to these changes; it is just letting you know the site has been redesigned.

Can your real friends on Facebook also can make you vulnerable?

Absolutely. Your security is only as good as your friend's security. If someone in your network of friends has a weak password and his or her profile is hacked, he or she can now send you malware, for example. There is a common scam called a 419 scam, in which someone hacks your profile and send messages to your friends asking for money - claiming to be you - saying, "Hey, I was in London, I was mugged, please wire me money." People fall for it. People think their good friend needs help - and end up wiring money to Nigeria.

A lot of websites we use display banner ads, but do we have to be wary of them on Facebook?

Absolutely: Facebook has not been able to screen all of its ads. It hasn't done a great job of vetting which ads are safe and which are not. As a result, you may get an ad in your profile whey you are browsing around one day that has malicious code in it. In fact, last month there was an ad with malware that asked people to download antivirus software that was actually a virus.

Is too big a network of friends dangerous?

You know people with a lot of friends, 500, 1000 friends on Facebook? What is the likelihood they are all real? There was study last year that concluded that 40 percent of all Facebook profiles are fake. They have been set up by bots or impostors. If you have 500 friends, it is likely there is a percentage of people you don't really know and you are sharing a lot of information with them, such as when you are on vacation, your children's pictures, their names. Is this information you really want to put out there to people you don't even know?