According to media reports, the incoming head of the British Secret Intelligence Service (better known as MI6) has had personal information about himself and his family exposed on Facebook, after his wife’s Facebook account was discovered to be potentially wide open for 200 million people to view.
The Mail on Sunday claims that the wife of Sir John Sawers left her privacy settings on the social networking website wide open for anyone in the “London” network to view her updates.
According to the newspaper, this revealed details of Sir John and his family (he has three grown up children), including personal photographs of them partying and on holiday, the location of their flat, and the identities of friends and close associates, to any of the almost four million people who are members of the “London” geographic network (a Facebook group that any user can join – regardless of where they are in the world).
The Sunday Mail speculates that Sawers could be in hot water for breaching MI6 guidelines after it was revealed that one relative on the network posted a message of congratulations when his appointment was announced:
Congrats on the new job, already dubbed Sir Uncle "C" by nephews in the know!
I’m rather sceptical of that being such an issue, however, seeing as the British government had hardly made any secret of Sawers’ appointment. Sir John is currently Britain’s Ambassador to the United Nations, and was named as the next head of Britain’s overseas overseas spying activities last month. It is well publicised that when he takes the post in November, he will be dubbed with the internal Whitehall codename “C”.
No, the bigger issue here is something we have talked about before: Facebook users joining geographic networks and not properly checking their privacy settings afterwards. When Sophos investigated this problem before, we found that that a staggering 75% of people in the Facebook London group allow their profiles to be viewed by any other member, regardless of whether or not they have agreed to be friends.
Hopefully revisions Facebook has made since we did that privacy test has increased awareness amongst users that they need to take more care over who they share their personal information with – but we are still finding people who are leaving themselves wide open to potential identity theft by sharing data with complete strangers.
Lady Shelley Sawers certainly seems to have learnt that lesson. All traces of her account on Facebook have disappeared following the newspaper investigation.
But don’t forget that leaky social networking profiles aren’t just a security issue for spy chiefs and their families. Millions of home users and office workers may be sharing too much information online, and being careless with their privacy settings – potentially allowing all kinds of unwelcome people to gather information about you.
If you’re interested in finding out more, here’s a podcast where I discuss Facebook and identity theft: