Fraud hits Facebook - Users exposed to identity theft

MILLIONS of Facebook users are having their personal details bought and sold online for as little as $5, exposing them to fraud, spam and identity theft.

For about the cost of a McDonald's Happy Meal, internet users can download the details of millions of Facebook users including their full names, email addresses and a link to their profiles.

One list obtained by The Sunday Mail contained the details of dozens of Australian Facebook accounts, including one with an Australian Federal Police email address and another from a major Australian newspaper.

The breach, discovered by a Czech blogger, has raised alarm bells with privacy experts, who have warned the information could be used by scammers to commit fraud or steal users' identities.

Some Queenslanders on the list had profiles that were completely open and contained sensitive private information including their birth date, home town, workplace and family relations.

One Gold Coast Facebook user who appears on the list told The Sunday Mail she was disturbed to find her personal details being traded for money online, particularly since her email address was not listed publicly on Facebook.

Australian Privacy Foundation vice-chairman David Vaile said Facebook profiles contained a ``massive honey pot'' of personal data, and it wasn't surprising to see such information leak out given the company's shifting privacy settings. He said the details contained on the list could form a ``reliable starting framework'' for identity theft and fraud.

University of Wollongong information systems expert associate professor Katina Michael said trading such data for money was a crime, but the $5 price tag was designed to expand the customer base while keeping sales under the police radar.

In a statement, a Facebook spokeswoman said the company had launched an investigation.

Citation: Anthony Gough, November 18, 2012, "Fraud hits Facebook - Users exposed to identity theft", The Sunday Mail, p. 42.