"It may be about the fact that you work for RSA [Security]," he said, referring to the emails sent to low-level employees at that firm earlier this year. Those emails, which included , gave attackers a foothold on RSA's network. The criminals then scoured RSA's systems and stole confidential information about its popular SecurID authentication token technology.

Others, not strictly hackers, could use Timeline to quickly dig up dirt as well, said Wisniewski.

"Someone could use it to gather information to harass you, or someone at work competing for your job could use it," he said.

"The more you put in there to make it complete -- and we've been conditioned to finish forms -- the easier it is for someone with ill intent to gather information about you," said Wisniewski.

Although current Facebook privacy settings will apply to the Timeline -- letting users decide who sees what -- and the Timeline can be edited to remove an embarrassing past, Wisniewski was pessimistic about users' decision making.