Just saw this message on another forum
"Facebook has changed and said nothing (again).
Take a look at your URL (top box on your screen.) If you see "http" or just "www" instead of "https" you DO NOT have a secure session & can be hacked. Go to Account Settings - Click Security on the left top corner - click Edit next to Secure Browsing, Check box, click Save. FB has automatically set it on the non-secure setting!Some of the applications require you to turn off the secure setting.
Also if you click on Account/EditFriends/Contacts you will see everone's mobile number. Facebook security gets worse."
Gone through the profile bit and tis true for me. Old news?