The personal information that you willingly (or unwittingly) give to Facebook can be invaluable to its partners, who slice and dice the data to rake in hundreds. We find out just who's looking at and earning from your personal information.
Hackers and worms
Right now it's hard to know the worth of user data shared through Facebook's Instant Personalisation since the program is so new, but in the wrong hands such information could represent a large chunk of change.
A May article on TechCrunch reported a proof-of-concept exploit on Yelp that took advantage of cross-site scripting to grab Facebook addresses and other information. The exploit's author was a security consultant looking to prove a point. Yelp, which declined to be interviewed for this story, patched the vulnerability. No user data was stolen.
But other, genuine security threats are thriving on Facebook. The Koobface worm has been lurking on Facebook since 2008, growing more sophisticated with its ability to create an account, friend strangers, and join groups.
And hundreds of thousands of Facebook users have encountered a clickjacking worm that duped them into 'liking' pages that led to the installation of malware for perpetuating the worm's spread.
"The biggest danger that I can see is that they get your log-in credentials," says Beth Jones, senior threat researcher at Sophos Labs.
The intruders can gain access to information such as mobile phone numbers, partial credit card numbers, and billing addresses stored in the Payments section of Facebook's account settings.
"That's where some of the true value of stealing these log-in details comes in," says Jones. "[Attackers] can start pulling off some really decent identity theft."
Identity theft can also occur when a snoop looks through Facebook profile data that privacy settings haven't locked down. "Unfortunately a lot of password-reset questions are answered in your profile," says the Electronic Frontier Foundation's Opsahl.
So how much is your Facebook identity worth?
Researchers at VeriSign's iDefense recently reported that a hacker named Kirllos claimed he had 1.5 million Facebook accounts for sale for a price of $20 to $45 per 1000 accounts, depending on the number of contacts. According to a New York Times story, Facebook said that its own investigation did not find the claim credible. Facebook did not answer an interview request for this article.