Not content with destroying their careers and social lives in the relentless pursuit of Zombie points, millions of users of social-networking giant Facebook are doling out personal data to strangers. Needless to say, this poses something of an identity fraud risk.

Rather than allowing only confirmed 'friends' to see their Facebook profile, and limiting the personal information contained therein, thousands of Facebookers post personal information all over the shop. Some even publish their full CVs.

Facebook users often allow anyone in their network to access their full profile. This may make sense within an SMB company network, but the London network has more than 800,000 members - and not even I know that many people well enough to give them my phone number (some of them might be boys).

According to one security expert, two in five Facebook users don't even check who their friends are.

Internet security firm Sophos says that the two million (and more) regular UK Facebook users need to shape up and behave in a more responsible manner. And to prove it, Sophos has undertaken one of those slightly odd, 'to protect you we're going to invade you', ID-theft exercises.

Sophos created a profile for a green plastic frog named Freddi Staur - an anagram of 'ID fraudster', and a happy reference to a rodent-noshing 'entertainer'. It then sent out random friend requests on our Freddi's behalf. (Incidentally Sophos describes this as a 'fictional profile', so presumably Freddi has a MySpace page, if you are genuinely friendly with him.)

Twenty percent of the potential 'friends' confirmed Freddi's request - giving the little green blighter full access to their profile pages and all that lovely personal data.

Of those that confirmed, 72 percent gladly gave out their email addresses, 84 percent proffered their date of birth and 23 percent coughed up their phone number.

Even harder to fathom: some dolts even revealed their mother's maiden name. I find this hard to believe, and can only assume that these people are eccentric millionaires who find this a more convenient method of philanthropy than posting their house keys to the local prison.

Sophos' Graham Cluley confirmed: "Freddi now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users' passwords, impersonate them or even stalk them."

So be warned: it matters little what security features Facebook provides if people simply hand over their personal information. And no-one wants to be stalked by Freddi Staur.

Facebook denies code leak threatens users