Cybercriminals are increasingly exploiting social networks to identify potential victims and attack them, says security firm Sophos.
Web 2.0 companies are concentrating on growing their members at the expense of defending users from threats, according to the firm's latest security threat report.
The problem is compounded by the fact social networks tend not to provide explicit or accessible privacy guidelines to avoid putting off potential members, according to researchers at Cambridge University.
The Sophos research found that IT teams are worried that employees share too much personal information via social networking sites, putting their corporate infrastructure and the sensitive data stored on it at risk.
The findings also indicate that a quarter of businesses have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and MySpace.
The time has come for Web 2.0 companies to examine their systems to determine how they are going to protect their huge number of users from virus writers, identity thieves, spammers and scammers, said Graham Cluley, senior technology consultant at Sophos.
"The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against," he said.