Well, a few months on and it looks like the BBC had a coder create an application (in three hours or less) that could swipe a whole pile of data on both you and your friends, before mailing it back home to base. I can’t stress enough - when it comes to social networking sites, NEVER post anything you wouldn’t feel comfortable posting on an otherwise open and accessible site such as your blog, personal website, whatever. I have pages on Myspace, Facebook, Orkut and a whole bunch of others - and there is NOTHING on them that you couldn’t find elsewhere. There is no hidden treasure trove of data to mine, and so I don’t care what happens to it because it’s all out there in the public domain anyway. This is what I’ve been telling people for the longest time, and it works.

The hacker in this case has been able set up a malicious application that can steal details of not only your information but the people you’re connected with. This is because in Facebook, applications have permission to ‘walk the tree’ of your friend contact details, letting the apps do things like populate the list of people for you to forward to, when you choose to “forward this and see what happens.”

We have discovered a way to steal the personal details of you and all your Facebook friends without you knowing.

The article is worth reading. Wow, good job British hax0rz! I won’t say “the sky is falling” because this has been pretty well-known among the geek-o-rati for a long time. BBC notes MySpace apps run on MySpace’s servers, giving MySpace a much clearer idea of what an application is doing with the data.

Perhaps the media attention this is sure to draw will move FB to a more secure model. One can hope.

Tags: facebook, facebook friends, identity theft, malicious application, media attention, myspace, risk, social networking, social platforms