We all know that cyberspace can be a nasty place, but a new study from Bitdefender shows exactly how easy it is to compromise personal information across social media. The study found 100 people at random that fit into two categories – professional IT security workers and hackers – and used a phony social media account to gain each individual’s trust over a period of weeks. Sadly, both groups gave out all sorts of information, including their password strategies, mother’s maiden names, family details and address.
Editor’s note: This story is part of a series we call Redux, where we’re re-publishing some of our best posts of 2011. As we look back at the year – and ahead to what next year holds – we think these are the stories that deserve a second glance. It’s not just a best-of list, it’s also a collection of posts that examine the fundamental issues that continue to shape the Web. We hope you enjoy reading them again and we look forward to bringing you more Web products and trends analysis in 2012. Happy holidays from Team ReadWriteWeb!
The study, by Dr. Sabina Datcu, a researcher at Bitdefender’s Romanian research lab, put together two phony profiles of a 25-year old woman. In one profile, she was shown as an IT worker, while in the other she was specifically shown as an IT security worker. Over the course of many weeks, the phony profile gradually gained the trust of her 100 presumably real people with a series of online chats. Datcu noted what kinds of personal information her marks would disclose. It is a chilling result.
“The study revealed that no matter if working in the IT security industry or as a ‘bad guy’ (i.e. hacker), everyone can be vulnerable, and can disclose sensitive information to an unknown friend,” she states in the paper.
For example, 81% of the IT security people gave their mother’s maiden name, while 78% of the hackers divulged this information. Similar percentages show that both groups use the same password for multiple accounts. And even 7% of the hacker group provided their passwords! Almost all of the participants gave out information about their families.
“The results of this study suggest not only that people accept unknown people into their group based solely on a nice pro?le and on apparently having the same interests, but also that they are willing to reveal personal, sensitive information to such unknown people in an online conversation,” she wrote in her paper.
No surprise that people develop this false sense of anonymity over social media and are willing to share too much information. But this study shows that you really do need to be careful about what you say online about yourself, and whom you befriend or at least engage in conversation.