Millions of members of the social networking site Facebook are allowing strangers access to their personal information, making them vulnerable to identity theft on the internet.

Researchers found that two in five Facebook users happily divulged details such as their date of birth, phone number and workplace to people whom they have never met.

Fraud experts say that the willingness of the younger generation to disclose personal data over the internet is a worrying trend and gives cybercriminals the information they need to create spoof identities, gain access to online accounts or infiltrate employers’ computer networks.

Facebook has enjoyed phenomenal success. In the past six months, the site’s British audience has surged 523 per cent to 3.2 million and there are now more than 30 million members worldwide.

Sophos, a leading IT security company, created a fake Facebook profile and sent out befriending requests to individuals chosen at random. More than 40 per cent of users responded, allowing “Freddi Staur” (an anagram of ID Fraudster), whose photo showed a small green frog, to view their profiles and a selection of personal details.

Graham Cluley, senior technology consultant at Sophos, said: “In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts. Many users also disclosed the names of their spouses or partners, several included their resumés, while one user even divulged his mother’s maiden name - information often requested by web-sites in order to retrieve account details. He now has enough information to create phishing e-mails or malware [malicious software] targeted at individual users or businesses, to guess users’ passwords, and impersonate or even stalk them.”

While Facebook does allow users to restrict friends’ access to their information, many members do not bother to invoke the safety measures.

Alastair, a 24-year-old City worker who has been on Facebook since the beginning of the year, said: “Some people really will just accept anyone as a friend. It would take someone about five minutes to ruin your life if they put their mind to it.”

Figures released recently by Cifas, the fraud prevention service, show that a record number of frauds were committed in the first six months of 2007, including an estimated 40,000 identity thefts. Cifas called the numbers worryingly high and put the cost of ID fraud in Britain at about £1.5 billion a year.

Facebook suffered further embarrassment yesterday after it was disclosed that parts of its source code had leaked on to the internet. The site acknowledged that part of the code to its home page had been published on a blog, but emphasised that none of the personal details of its 52 million users had been compromised.