Privacy seems to be one of those things that everyone wants but no one can really define. If you ask the average person whether or not they wanted their personal information available on the Internet, they would of course say no, because they have heard and read news stories saying putting personal information on the Internet is bad.
Now ask them the kind of information they post to their blogs and social media pages, and you’re likely to hear things like their birthday, where they live, where they were born, who they hang out with, where they went to school, where they work…all information that by itself is mostly harmless, but in many cases it can be used to steal private data.
As an example, a woman made news a year or so back; her Facebook wall and personal blog site were full of postings about how much her dog was such a big part of her life. She was later shocked to find that someone was able to drain her bank account. Apparently she had posted enough information on her website that the thief was able to answer her security questions in order to reset her banking password.
Part of the disconnect is the difference between private and personal. Private info is usually considered to be things like bank account information, passwords, social security numbers, and credit card numbers—things you would never give out to anyone. Personal information such as birthdays, names, addresses, pet names, etc. is usually shared with no thought behind it. The problem is that personal information can be used to obtain private information if you know where to look.
If someone is trying to get into your bank account, they need to know your login and password. Most people use their name or some variation for their login, so that’s the easy part. Passwords, however, can be anything. First place a hacker is going to look is your public info: MySpace, Facebook, Instagram, anything you posted that is available to the public.
They are going to try the things that most people use for passwords: birthdays, anniversaries, pet names, names of children or relatives. If that doesn’t work, they are going to try the “Forgot my password” option and attempt to answer your security questions using information they collected. Some of the common questions used are “Mother’s maiden name,” “Town where you were born” and “Favorite pet name.”
If your mother is on Facebook, that question can probably be answered—a lot of women like to use their maiden name as well as their married name so their high school friends can find them. And the town where you were born? Well, that’s right there in your info as well, as is your pet’s name. Some sites are getting wise to that, and they are making the questions a bit more random, but even better are the ones that let you write your own security questions. If you have that option, use something really obscure that you’re not likely to post anywhere.
One option I have recommended to people is to lie in your security questions. If one of the security questions is “Town where you were born,” give it an answer of a town nearby. If it asks the name of your first pet, give it the name of your neighbor’s dog. That way someone who is grabbing information from Facebook will answer the question incorrectly. It’s not like anyone is going to verify your answers; they are just there so you can verify who you are. Of course now you have to remember what you put down, but at least someone else isn’t going to be able to answer it.
Now that social media is all the rage, it’s easy to forget that the stuff we post to our friends is often not limited to our friends. Pair this with the lack of importance many people place on password security, and it’s no wonder they are finding their accounts hacked. Be smart and watch what you post, and where.