A security expert is warning users of Facebook to remove their home addresses and mobile phone numbers from their profiles as the website now gives third parties access to that information.
The social networking site announced in a blog post at the weekend that it would give developers of applications access to the contact information of users who install their apps.
"These permissions must be explicitly granted to your application by the user via our standard permissions dialogs," Facebook's Jeff Bowen said. "Please note that these permissions only provide access to a user's address and mobile phone number, not their friend's addresses or mobile phone numbers."
But Sophos security expert Graham Cluley, in a blog post on the firm's site, questioned the move.
"You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?" he said.
"It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends."
Cluley offered the advice that users should remove their home addresses and mobile phone numbers from their Facebook profiles.
"I realise that Facebook users will only have their personal information accessed if they 'allow' the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this."
He said "shady app developers" would now "find it easier than ever before to gather even more personal information from users".
"You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies," he said.
Facebook's Australian public relations firm was contacted for comment on Sophos's advice. It did not respond in time for publication but referred this website to the blog post announcing the move.