Hackers could use your “10 Concerts” list on Facebook against you
The last few days have seen yet another Facebook meme live out its full life cycle online: hatching, adoption by a certain subset of your friends, mockery and subversion by another group of friends who view themselves as intellectually superior to the first group, and then death. In this case, it was a series of posts circulating asking people to list 10 concerts they’ve been to, with one as a lie. But, as pointed out by The New York Times—in consultation with a couple of social engineering security experts—this latest exercise in public sharing could expose users to more dangers than just the withering scorn of friends who don’t think “Weird Al at age 11” is a suitably hip gig to post.
Per the Times article, the experts’ concerns were two-fold: first, that advertisers could glean your list to learn more about you, the better to target ads based on your love of, say, Counting Crows. (Hence all the ads you may have been seeing lately for “Long December” brand Seasonal Affective Disorder treatment lamps.) That give and take of personal information is a common tightrope we all walk by putting our souls on display on Facebook. But that doesn’t mean people aren’t currently offering up their tastes on a silver social media platter, either.
The other, more insidious danger is that of account hacking. “What was your first concert?” is not an uncommon “secret question” for account recovery processes, and by listing all the concerts you’ve been to, you’re potentially exposing that info to the criminals. (Even if the hackers are briefly tripped up by your lie about having seen Billy Joel live.)
Reading the experts’ advice, it sounds like the easiest solution to all of this is, rather than offer up 9 truths and a lie, just offer up 10 lies. Hell, offer 11. Lie on your secret questions, too. Lie everywhere. Remember: They can’t steal your identity if you’ve obscured it so completely that not even you’re sure what concerts you’ve been to by now.