In a decision that will be exploited by online scammers "for their own criminal ends", according to one security expert, Facebook is making users' addresses and mobile phone numbers available to third-party app developers. Update, 18 Jan: Facebook has now disabled the feature.
Facebook explained the decision in a blog post, stressing that app developers would be able to access the information only if the user provides permission. The social networking site also pointed out to developers that "the access and use of this data is governed by our Platform Policies".
The Platform Policies include the following rules:
"6. You will not directly or indirectly transfer any data you receive from us, including user data or Facebook User IDs, to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising or monetization related toolset, even if a user consents to such transfer or use."
But Sophos security specialist Graham Cluley predicted that the move "could herald a new level of danger for Facebook users" and warned that web criminals already have a proven track record for tricking their victims into handing over sensitive personal details.
"Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies," Cluley wrote.
"The ability to access users' home addresses will also open up more opportunities for identity theft."