Security firm Sophos has urged Facebook to enhance its default privacy settings.
The warning follows new research that shows that members of the site are exposing personal details to strangers and putting themselves at risk of identity theft.
Facebook users are encouraged to join networks to make friends with people in the same area but doing so makes their profile visible to every member of that network.
Sophos carried out a study of 200 users in the London Facebook network and found that 75 per cent of them allowed their profiles to be seen by any other member, whether they were friends with them or not.
The company said users in other networks, such as Toronto, Vancouver and New York, have also been revealing personal information to strangers and potentially to cyber criminals.
A quarter of users in the London network have been found to reveal work-related information in their profiles, which could allow cyber criminals to commit corporate identity fraud.
Graham Cluley, senior technology consultant at Sophos, said: "I was flabbergasted when I joined a network on Facebook using a profile which I thought was secure, only to find Facebook had changed a number of settings and was opening me up to millions of strangers."
Cluley believes that Facebook's privacy features are more sophisticated than other social-networking sites but thinks that many members still aren't aware how to use them effectively to prevent ID theft.
"The Facebook network issue almost amounts to identity-on-demand for cyber criminals, who are fully capable of taking advantage of unwitting Facebook fans," said Cluley.
Sophos suggests that the next step for Facebook would be to change its default settings so that when members join a network they are required to click to make their details visible to others.