BBC Watchdog steals Facebook identities, and Sophos’s idea!

Graham Cluley

Last night, BBC TV in the UK broadcast an investigation into Facebook security on their flagship consumer affairs program, Watchdog.  Their findings have been reported in news stories worldwide.

BBC investigators set up a fake Facebook ID called “Amba Friend”, contacted 100 people at random with friend requests, and reported how many accepted the invitation from a total stranger. Sure enough, plenty of people accepted the invitation, and information such as home addresses and dates of birth was available for a potential identity thief to spirit away.

Sound familiar? Well, it should do, because back in August Sophos conducted a remarkably similar experiment (we contacted 200 people, and used a photograph of a small plastic frog called “Freddi Staur” – an anagram of “ID Fraudster”). Unlike the BBC we stopped short of taking out credit cards in innocent people’s names – but did publish a best practice guide and record a podcast about how people can better protect their privacy on the social networking website.

Freddi Staur the Facebook frog 

The BBC contacted us a few weeks ago asking how we had run our experiment, and even suggested strongly that they might want Freddi the frog – and members of SophosLabs – to appear on camera in the studio. 

We didn’t hear any more until suddenly Watchdog broadcast their startlingly similar investigation last night on BBC One.  Alas, there was no sight of plastic amphibian bath toys or mention of Sophos.  


It’s a shame the BBC didn’t involve us more, because we could have taken the story further.  For instance, earlier this month we revealed how joining a geographic network on Facebook opens up your profile to other people even if you haven’t accepted them as friends and even if you have previously been quite careful with your privacy settings. That’s quite a problem when you realise that, for example, the London Facebook network has over 1.2 million people (and growing).  Do you really want over a million strangers knowing your date of birth, cell phone number or that you’re going to the South of France on holiday for two weeks?

I guess we shouldn’t feel too miffed – after all, anything which raises awareness about individuals’ security online has to be a good thing.

But, of course, there is an enormous irony about being ripped off by a BBC consumer affairs show.  Oh well, they say imitation is the sincerest form of flattery!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
