"Facebook has always been useful for attackers to gather information about a specific target. Facebook Graph turns this on its head and allows an attacker that doesn't have a specific person in mind to browse and select several targets based on search criteria," Hawthorn said.
The changes to Graph Search will now allow an attacker to use specific search criteria to construct high-quality phishing messages from information that the target may not realize is available.
"For example, I can now search for 'Asian Restaurants visited by people who work for the U.S. Department of State'. That produces highly specific results that allow me to choose from a list of targets," Hawthorn explained.
The data located via Graph Search is only as private as your friends [and you yourself] want it to be, Hawthorn added. Even if your details are locked down, check-ins and image tags or post tags still offer more insight than was previously available. When compared with the data from other social services such as LinkedIn, an attacker will now have stronger odds when targeting a person or organization.
"Before Facebook Graph, the attacker would have to dig deeper and infer a lot about a target's interests, likes and employer. With Facebook Graph it's easier to search for and find the answers to those questions -- from the target himself," Hawthorn said.