A major coding error on social networking websites MySpace and Facebook was discovered by a developer last week, which was identified as susceptible to hackers accessing their users' data and photos.

According to Dutch Facebook affiliate Yvo Schaap, the security flaw involved the "cross-domain policy", or the way which these sites handle requests for data from other domains.

Sites such as MySpace and Facebook typically block other domains from requesting and receiving data for privacy reasons, except for their own vetted subdomains, though the expert discovered that Facebook would allow data to be given out from one of its subdomains.

Graham Cluley, the senior technology consultant at Sophos, stressed that "the potential damage that could have been done by vulnerability like this is enormous" to users, including small businesses in IT.

He continued: "A malicious hacker could have exploited this vulnerability to gather information about users, and potentially collect data which would have helped them steal identities."

According to a recent survey by Connect, the two biggest IT headaches for businesses were 'everyday hassles with IT' (37 per cent) and 'security concerns' (32 per cent).