PRN: Facebook Users Expose Passwords Online
Facebook Users Expose Passwords Online
NEW YORK, October 11, 2011 /PRNewswire/ --
CPP calls on people to separate personal information from online accounts
Social media users are increasing their chances of identify fraud, by providing clues to their online passwords.
A study from security expert, Jason Hart, commissioned by life assistance company CPPGroup Plc (CPP) has revealed that one third (32%) of Facebook profiles contain at least two pieces of personal information such as their mother's maiden name, date of birth, hobbies or children's names. This information is often also used as a password or as an answer to a security question when users look to reset their online account log-in details.
In the study, details including the name of the user's first school (64%), employer (46%), dates of birth (25%), children's names (25%) and favourite football team (17%) were found to be visible on many people's Facebook profiles.
As the most active social media users, those aged 18 to 24 with a Facebook account are the most likely to publicise their personal information - and often to complete strangers. This age group has on average more than 250 friends but 81% say they do not trust all of their Facebook 'friends'. Half (50%) have accepted a friend request from a total stranger and 9% would accept an invitation from someone they did not know if they were good looking or popular.
But it's not just the 18 to 24 year olds who are making themselves vulnerable - users of all ages are putting themselves at risk. One third (33%) of all those with a Facebook account admit to accepting an invitation from people they had never met before, with 38% confessing they don't know everyone they are friends with on the site.
Over half (52%) of the Facebook account holders questioned had received friendship requests from strangers. And despite recent media controversy around privacy and security on the site, one in twenty (6%) users allow anyone and everyone to see their entire profile. Â
Danny Harrison, CPP's Identity fraud specialist is calling on individuals to not use personal information for online passwords or security questions.
"It isn't a good idea to use personal information for passwords online. Sharing is the whole point of Facebook and other social media sites, so users are naturally going to promote their personal information online. The problem is this information could be used by fraudsters to reset passwords and access people's online accounts. To compound the problem, there are tools available online that can capture keywords from a website, including a Facebook profile, and others which will trial variations of the identified keywords until a password match is found.
For this reason, we are advising people to not use personal information as a means to verify their online identity and facilitate access to their online accounts."
Personal information most commonly used as passwords:
Examples of how personal details visible on Facebook can be used by hackers:
Information Type Potential Impact Risk Factor High - if used as the answer to First school is often used as a security web-based question on web- based applications and security First School social networks questions An attacker can use this information to Medium to High - conduct a social engineering attack risk to the user Employer to target the user's employer and employer High - as DOB is People that publicly display their date used by most Dates of of birth (DOB) are open to different banks as one form Interest forms of identity threat of identification Medium to High - This allows the user to become a based on if the potential target to password reset user is using a attacks and is a potential way to start web based email Email Address spear phishing attacks address High - maiden People that publicly display their name is used by maiden name also leave family members most banks as one open to different forms of identity form of Maiden Name threat identification
CPP's top tips on protecting your personal data on social networking sites:
ICM interviewed a random sample of 2030 adults aged 18+ online between 9-11 September 2011, of whom 1,281 had a Facebook account.Â Surveys were conducted across the country and the results have been weighted to the profile of all adults.Â ICM is a member of the British Polling Council and abides by its rules.Â Further information at http://www.icmresearch.co.uk
During September 2011 Jason Hart was commissioned by CPP to perform a review of 250 public Facebook profiles, to identify any information that could relate to an individual's password and/or sensitive information that could allow a potential targeted attack against the individual. At no point during the research was any user's data or online webmail accounts compromised.
Corporate Background Information
The CPPGroup Plc
The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability. Â
This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.
Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.
In 2010, Group revenue was Â£325.8 million, an increase of more than 12 per cent over the previous year.
In March 2010, CPP debuted on the London Stock Exchange (LSE).
We have a solution for many eventualities, including:
CPP is an award winning organisation:
For more information on CPP click on http://www.cppgroupplc.com
1. According to the ICM research, 19% of 18-24 year old Facebook users say they trust everyone they are friends with on Facebook. 100% - 19% = 81%
2. According to the ICM research, 62% of 18-24 year old Facebook users say they know everyone they are friends with on Facebook. 100% Â - 62% = 38%
3. According to research and analysis by Jason Hart
4. Social engineering is a term used to describe accessing needed information (for example, a password) from a person rather than breaking into a system. Social engineering is similar to hacking in that it is used to gain unauthorised access to systems or information to commit fraud, network intrusion, industrial espionage, identify theft or a simple disruption. However, social engineering is generally much easier than technical intrusion (hacking), as it does not require the technical know-how or background to be completed successfully. Rather, it simply involves having personal information.