According to IT security vendor Sophos, the discovery of the Secret Crush application underscores the need for Facebook users to be careful about the kinds of third-party applications they install.
Secret Crush application
The application invites unsuspecting Facebook users to find out which of their friends have a secret crush on them. After installing the application, however, users are instead directed to an external Web site inviting them to download applications such as MyWebSearch, which allows for pop-up advertising.
Facebook has since removed Secret Crush from its database.
Graham Cluley, Sophos' senior technology consultant, however, is calling for caution.
"Facebook users must show greater discretion about how they use the site, and which applications they install," Cluley said. "These third-party widgets are not written by Facebook, and can mean that you are carelessly sharing your personal information with strangers or risking your computer's security."
He noted that "thousands" of third-party applications have been developed and made available for Facebook users, and it is "obviously proving impossible" for the social networking site to police them.
"The message from Facebook to its users appears to be, 'add third-party applications at your own risk," he said.
On its site, the social networking site outlined that it will not be held responsible for any loss or damage incurred by its users through "any user content or third-party applications".
In a statement released Monday, Facebook said it is committed to ensuring user security but asked for its users to "employ the same precautions" while downloading applications from the site, as they would when downloading software on their PCs.
A Sophos study last year found that 41 percent of Facebook users were willing to reveal their personal information to a complete stranger, and 84 percent divulged their full date of birth.
Cluley urged companies to establish proper user policies if they do decide to allow their employees to access social networking sites during office hours.
"It's vital that they do not put their personal and corporate data at risk... If your users are installing third-party Facebook applications in the office, they could potentially be bringing adware, spyware and malware into your organization at the same time," he said.