updated 5/30/2012 3:18:53 PM ET 2012-05-30T19:18:53

For many of us, quitting Facebook would be difficult, if not impossible.

We're the ones who check it once, twice, a hundred times a day. We post photos of important events, share the cute things our kids say, connect with old friends, or, in some cases, even conduct business. The loss of Facebook would leave a serious hole in our online lives.

But not every Facebook member is so involved. There are millions who've signed up for a Facebook account just because everybody else was doing it, or to specifically connect with someone else, or even just out of curiosity. Once those fleeting urges are satisfied, their Facebook accounts sit dormant for long periods, unused and forgotten.

An abandoned or disused Facebook account isn't just a dent in Facebook's claim to have 850 million "active" users. Andrew Brandt, director of threat research at Solera Networks, a network-security provider in South Jordan, Utah, says a dormant account poses risks both to the account holder's privacy and to the rest of Facebook's user group.

"Most of the risks involve the compromise of an account and its subsequent misuse or abuse," Brandt said. "To a lesser degree, depending upon how personal information is stored in an individual's account, another potential threat is [that] a criminal may extract that data for the purposes of attacking the account holder in another context.

"For example," Brandt said, "the individual may be the victim of a highly targeted email attack containing malicious links or files, which uses personal information about the victim to improve the chances the victim will be convinced to click the link or open the attachment."

[ That's an Order! 10 Facebook Privacy Tips From the Marines ]

A compromised account may be abused in a number of ways. Facebook accounts with lots of friends are desirable targets because the victim's account is a perfect launching platform for social engineering attacks against those friends.

You may have heard of the "stranded in London" scam, which involves a desperate message from a friend or family member asking for a wire transfer to bail him or her out of some sort of emergency while traveling.

Such scams have played out on a number of platforms, including Web-based email accounts and social networks. They only really work on disused accounts, because someone who frequently uses his account will see the messages posted by the criminal on his behalf.

"While letting a Facebook account sit idle doesn't make it more vulnerable than a frequently used account, should the account ever be compromised, it's likely that the damage would go unnoticed for far longer," explained Michael Sutton, vice-president of security research for Zscaler ThreatLabZ in Sunnyvale, Calif.

Not visiting Facebook on a somewhat regular basis also puts the user at risk of not knowing the latest update in Facebook's privacy settings, or of not learning that a design change has reset all of his or her settings to the default.

"Facebook may make changes to their terms of use at any time," said Andrea Eldridge, technology columnist for Scripps-Howard Newspapers. "If you don't log in regularly, you may miss an update to their privacy policy that affects how your personal information is shared with the public, affiliates, or advertisers."

Facebook is designed to be a social-networking tool where people share pictures and information about their lives with friends and family. If you're not using it for such purposes, or you're not finding it to be beneficial or enjoyable, then there's no reason to leave details of your personal life posted on a public forum, while putting yourself at risk of possible identity theft or having your site used as the springboard for a scam.

If you're at this point, it is best to deactivate your account. You should definitely deactivate the account if you discover it has been compromised and you have been targeted for harassment or identity theft.

However, if you find that you don't want to go cold turkey, or that you may someday want to see pictures of your cousin's daughter's new baby, Eldridge suggested you set your account to inactive status.

"Facebook will store all your information in its database (including posted pictures, email addresses, old messages, etc.), but people will not be able to view it or search for you," Eldridge said. "Note that this does still leave your data at the mercy of future Facebook terms of use changes. 

"However, if you think you may want to return to Facebook in the future, reactivating a deactivated account is simpler than starting from scratch to re-create your profile," she said. 

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments