Should Facebook Users Skip the Birthday Celebrations?
By Paul O’Reilly
A study at Carnegie Mellon University has raised new alarms about the possibility of online identity theft and the dangers of including personal information on social networking sites.
Apparently, Social Security Numbers (SSNs) are assigned by the states according to a complex but predictable pattern. By using information about an individual’s state of residence and date of birth, it was possible to accurately predict a narrow range of values where that individual’s SSN is likely to fall. The accuracy of the prediction was particularly high for those individuals born after 1988 and in less populous states.
Although the predictions only gave a range of possible SSNs, they could invariably lock-in on the first 5 digits. This means that an attacker could then make individual or multiple inquiries against public and private-sector databases to identify the exact number. The narrow range of possibilities makes it relatively easy for highly-organized thieves to go after huge numbers of targets.
The researchers noted that birth and residency data can be obtained from numerous places. Free online people searches will often yield birth dates with a few clicks of the mouse, as will inquiries to commercial data brokers. However, social networking sites such as Facebook can also be a reliable source. Estimates indicate that at least 10 million U.S. residents make their birthday information publicly available on their online profiles.
One of the problems of identity theft is that it is often discovered too late to do anything about it. Young people are particularly vulnerable. By the time they are old enough to apply for credit, their SSN may have been compromised for years, and it can take many more years to eliminate the abuse from their credit history.
The Carnegie Mellon study recommends re-introducing complete randomness into the allocation of future SSNs but, even if adopted, this recommendation could take years to implement and would rely on a level of cooperation between states that has been hard to achieve in the past.
One step we should take, and this particularly applies to our kids, is to be less open about sharing our date of birth when we are online. It may result in less birthday wishes from our 350 online ‘friends’ but, let’s face it, the real friends should know the date anyway!
Comment by Alex Henning (kimaso.com), posted 7/14/2009, 4:21 PM:
Facebook (and other social networks) have privacy settings that allow you to limit the people who can see your info to a small subset of friends you trust which greatly reduces your risk.