New Facebook profile design marred by security slip-up

Privacy breach exposed users' hidden dates of birth

Sophos, a world leader in IT security and control, has warned computer users that Facebook accidentally publicly revealed personal information about its members, which could be useful to identity thieves. Earlier this week, the full dates of birth of many of Facebook's 80 million active users were visible to others, even if the individual member had requested that the information remained confidential.

According to Graham Cluley, senior technology consultant at Sophos, a security slip-up by the website during the process of a public beta test of its new design for members' profiles left birth date information exposed.

"I was shocked to see people's full date of birth revealed, even though I knew they had their privacy set up correctly to supposedly hide the information," said Cluley. "It's essential that users of social networks should have confidence that their privacy will be protected - and it's especially important with information like your date of birth, which can be a golden nugget for a committed identity thief."

Cluley says he informed Facebook as soon as he discovered the flaw, which now appears to have been fixed.

"It's good that Facebook fixed the problem - but can people feel confident that this kind of mistake won't happen again in future?" he asked. "My advice to Facebook users would be, even if your date of birth is set to be non-visible, change it to a made-up date in case this kind of blunder happens again. Facebook and other social networking websites need to be more careful about protecting their members' data, or risk losing users."

Sophos noted that birth dates were exposed via the new design that Facebook is trialing for its personal user profile pages, which currently can be accessed via According to the Facebook developers blog, Facebook will start rolling out the new profile page design to users this week.
Facebook's new design for its profile pages, revealed members' personal information even if privacy settings had stated it should be hidden.

Last year, Sophos published results of a identity theft probe into Facebook which uncovered that 41% of users, more than two in five, would divulge personal information - such as email address, date of birth and phone number - to a complete stranger.

Sophos has published a video on its YouTube channel, demonstrating the security hole.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter