Information Sharing

• A 2009 study by IT security firm Sophos found that Facebook users are typically willing to share very personal information about themselves to those outside their closest circle of friends. According to the Sophos survey, 46 percent of Facebook users accept "friend" requests from strangers, 89 percent of users aged in their 20's shared their full birthday on their profile, close to 100 percent of users divulge their email address, and between 30 percent and 40 percent of users list data about their family and friends. In addition, a 2008 survey by Internet service review firm NextAdvisor found that 8 percent of Facebook users list their full home address, while many others also list their spouse's or significant other's birth date on their profile. This type of information gives identity thieves clues into what a person's bank account passwords might be.
  
  

Friend Experiment

• A major source of the identity theft problems with Facebook are that many users are willing to connect with people who are complete strangers. In a 2009 experiment, Sophos created two fictitious users on Facebook, both names based on the anagrams "stolen identity" and "false identity." One hundred friend requests were sent from each fake user to a randomly select group of 100 users in their age group. Within two weeks, 95 strangers accepted the friend requests with the two identities.
  
  

Stolen Identity

• In 2009, Bryan Rutberg of Seattle, a Microsoft employee, discovered that his Facebook profile status had changed to 'BRYAN IS IN URGENT NEED OF HELP!!!" His friends began calling him and sending him text messages, offering help. Rutberg realized that his Facebook account had been hacked. Many of Rutberg's friends received an email saying that Rutberg had been robbed at gunpoint while in the United Kingdom. One friend sent $1,200 to a Western Union office in London to help him, while another notified Microsoft that Rutberg was in trouble. The hacker had also changed Rutberg's login credentials, so he could not access his Facebook account to remove the status message.
  
  

Recommendations

• NextAdvisor recommended several precautions Facebook users can take to avoid having their identity stolen. Users should limit the amount of personal information on their profile and avoid listing their full phone number, date of birth or home address on their profile. In addition, users should also manage their privacy settings to that only their friends see their personal profile information. Other recommendations include not giving out information where they will be and when they will be there, and not accept friend requests from strangers.