An alarming rise in attacks by cyber criminals has exposed users of social networking sites such as Facebook and Twitter to risks of identity theft, spam and malware infiltration in the last one year, a study says.

According to the survey by global IT security and data protection firm Sophos, criminals have increasingly focused attacks on users of social networking sites in last 12 months with an explosion in reports of spam and malware.

About 57 per cent of users have been spammed via social networking sites, a rise of 70.6 per cent from last year, while 36 per cent received malware via them, a rise of 69.8 per cent, it said.

“Computer users are spending more time on social networks, sharing sensitive and valuable personal information and hackers have sniffed out where the money is to be made,” Sophos senior technology consultant Graham Cluley said.

“A dramatic rise in attacks last year tells us that social networks and their millions of users have to do more to protect themselves from organised cybercrime or risk falling prey to identity theft schemes, scams and malware attacks.”

Sophos surveyed over 500 firms and found that 72 per cent are concerned that employee behaviour on social networking sites exposes their businesses to danger and puts corporate infrastructure and sensitive data at risk.

When asked, which social network they believed posed the biggest security risk, 60 per cent respondents named Facebook, followed by MySpace (18 per cent), Twitter( 17 per cent) and LinkedIn (four per cent).

“We shouldn’t forget that Facebook is by far the largest social network — and you’ll find more bad apples in the biggest orchard,” Mr. Cluley said.

The truth is that the security team at Facebook works hard to counter threats on their site — it’s just that policing 350 million users can’t be an easy job for anyone, Mr. Cluley added.

The “Social Security” survey is a part of Sophos’ 2010 Security Threat Report, which explores current and emerging computer security trends.

The report reveals that criminals identify potential victims on social networks and then attack them, both at home and at work.

Sophos believes that many Web 2.0 sites are concentrating too much on growing their market share at the expense of properly defending their existing users from Internet threats.