Facebook Email Change Raises Security Concerns
Facebooks decision to replace users chosen email addresses with their Facebook email address as the default on profile pages likely will make those @facebook.com addresses even more attractive to spammers and other cyber-criminals, according to one security expert.
In a blog post June 26, Graham Cluley, senior technology consultant at security software provider Sophos, noted that with the change, essentially by default anyone on Facebook can send a user a message, and that anyone on the Internet can email the user at their @facebook.com address.
It was something Cluley warned users about in a blog post in 2011 about Facebooks messaging system, and the social networks decision to make the @facebook.com address the default email address on the profile pages will most likely make those addresses an even bigger target.
As Sophos pointed out last year the @facebook.com email addresses are likely to prove attractive targets for spammers hawking goods and malicious links, Cluley wrote in the latest blog.
Facebook has been quietly shifting the default addresses of its almost 900 million users from the email addresses they chose when signing up on the sitesuch as those from Yahoo or Googles Gmailto their Facebook addresses, which are the firstname.lastname@example.org. Facebook officials in April said they were giving all their users a Facebook email address using their public usernames, but it wasnt until this past weekend that some journalists and blog sites noticed that Facebook was making these addresses the default addresses on public profiles.
"Ever since the launch of Timeline, people have had the ability to control what posts they want to show or hide on their own timelines, and today we're extending that to other information they post, starting with the Facebook address," Facebook spokesperson Jillian Stefanki said in an email to the Associated Press June 25.
The social network, which is notorious for making blanket changes to its Website operations without sufficiently notifying its users, has come under heavy criticism from users and outside observers alike since the move was publicized. The common theme is that its yet another attempt by Facebook to gain greater control over its users lives.
Clearly this is all part of the site's plan to get more people using the @facebook.com email addresses, thus making the social network even harder to extricate yourself from, Cluley wrote.
Facebook users who want to change back to their original default email can do so by clicking on the about section of their profiles, going to the Contact Info section and choosing Edit. From here, users can choose which of their email addresses they want to appear on their timelines and who can see it. Once thats done, users can then press Save.
However, Cluley said, users shouldn't be fooled into thinking that hiding your @facebook.com email address makes it impossible for someone to work out what it is. After all, it now matches the public username in your profile's URL.
Users can go into their accounts privacy settings to determine who can send them messages, and they need to remember that Everyone in the settings means everyone on the Internet, not just on Facebook, he said.
Cluley also wrote that it will be incumbent on Facebook to implement effective filtering mechanisms to prevent fraudsters from exploiting users with spam, scams and phishing attacks as a result of this opening up of the network's messaging system. My guess is that it won't be long at all before we see criminals abusing @facebook.com email addresses for their own nefarious reasons.