Facebook has courted new controversy by allowing developers of apps access to some of its 500 million users' most sensitive information, including telephone numbers and addresses.
The social networking site founded by Mark Zuckerberg, whose own stake is worth $12bn (£7.5bn), announced the change to its policy in a blog last Friday, but the post was intended for designers of apps rather than ordinary users so the change has only come under scrutiny since the weekend. Internet security analysts and privacy experts are now advising people to remove their phone numbers and addresses from the site.
While those who have Facebook accounts must grant individual applications permission to access their details, it is very likely that many people who have clicked their approval plenty of times before will not notice the change in terms and will pass on contact details unknowingly, leaving them more vulnerable to becoming victims of spam.
Facebook, which gives advertisers the ability to target users according to their stated interests, geographical location and other insights, has been criticised increasingly over the years for how it handles the privacy of its account holders.
Graham Cluley, senior technology consultant at IT security and control firm Sophos, said: "The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles.
"You have to ask yourself – is Facebook putting the safety of its 500-plus million users as a top priority with this move?"
The official Facebook blog post on the subject explains that the company says: "Because this is sensitive information, we have created the new user address and user mobile phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs." It also says that people are merely able to grant external developers the ability to see their own details, rather than those of their friends. But it is often unclear who exactly is behind the small and seemingly harmless pieces of software available via the Facebook, which many users enjoy signing up for in order to brighten up their profile pages or to play games or quizzes with friends. Facebook has opted against a systematic program of vetting potential applications, such as that by Apple.
The website therefore inevitably hosts a number of potentially rogue, independent applications that have been designed by third parties to misleadingly gain access to users' information, and farm it out on as wide a scale as possible.
In a statement issued last night, a spokesman for the website said: "We want to make it easy for people to take the information they've entered into Facebook with them across the web. This new permission gives people the ability to control and share their mobile phone number and address with the websites and apps they want to use."