Beware: Don’t Post Answers to Personal Questions on Social Media, EVER.

Be aware that seemingly insignificant details about your life that you may be sharing on social media could be opening Pandora’s box for cybercriminals. For example, when you answer questions publicly on social media such as “your first car,” “the first street you lived on,” “your first dog’s name.” It seems harmless, but you could be sharing these answers directly with cybercriminals looking for this type of information.We see countless people sharing these answers online without realizing the similarities to security questions for sensitive accounts or even for your passwords. While we recommend using unique passwords for each of your online accounts and ALWAYS adding multi-factor authentication when possible, we know that some people still default to easy to remember passwords. Check out where we wrote about Most Common Passwords (And Why You Shouldn’t Be Using These)

Why does this matter? 

Cybercriminals and automation are quickly evolving. For example, when sensitive data like the aforementioned is shared on public social media outlets, bots can automatically file away everything about you for later cross-referencing. Also, don’t be surprised if advertisers are keeping this information to target you with related ads.

Once cybercriminals acquire this sensitive data, they can buy and sell your data on the dark web. Anything you say publicly online can be matched somewhere else, and by connecting the dots cybercriminals can compromise an account and cause havoc in your life. 

For example, let’s say your email address and password for an online store were leaked in a breach, you use the same password on every website, and you answered a quiz on Facebook and said your first car was a Ford Escort. Cybercriminals head to the dark web and mass purchase lists of breached accounts and ancillary data, such as social media answers. An automated program could cross-reference these lists and target you with high efficiency. In this example, it could be enough to login to your bank account and answer an obscure security question like — “what was your first car?”

The moral of the story is this: don’t answer questions about your personal life on the internet. You could be unknowingly giving away answers to secret questions, and you’re building up a database of information to be used against you. 

BONUS: These are two rules to live by when dealing with the internet: 

  1. Never put something on the publicly facing internet that you wouldn’t want your worst enemy to see.
  2. If something is free, you are what’s being sold. Free email, social media, and free tiers of apps are essentially fronts for data collection efforts that help flesh out your ad profile, leading to advertisers targeting you with scary relevant ads. But, it gets worse. What if cybercriminals breach and sell these databases full of personalized data on the dark web? They guess your passwords, phish you with great accuracy, and more. (FYI 37 billion records were breached in 2020 alone.. Facebook was 530 million of those.)

For more information on passwords, you can check out a few of our related blog posts on the topic. 

Questions? Contact PK Tech here.