That's because most of the time people spend on and elsewhere is during work hours -- on work machines.
At the security conference in the nation's capital this weekend, two security researchers demonstrated the many reasons why this is bad.
In a presentation called "Fail 2.0: Further Musings on Attacking Social Networks," and guided attendees through attacks made easy because of the very nature of these sites, where users can upload and exchange pictures, text, music and other content with little effort.
"Social networking sites are meant to get as many users in one place as possible on one platform, and for attackers there's a lot of return-on-investment in going after them," Moyer said, describing the climate as a perfect storm of social engineering and bad programming.
Through a variety of easy tricks, attackers can hijack a person's social network account to use as a launching pad for additional attacks against other users, other , and so on. Social networks can also be incorporated into micro botnets and, by rummaging through a page of misfired direct messages on , a motivated attacker can unearth the cell phone numbers of prominent people.