Facebook Users Expose Passwords Online
By Cpp, PRNESunday, October 9, 2011
NEW YORK, October 11, 2011 -
CPP calls on people to separate personal information from online accounts
Social media users are increasing their chances of identify fraud, by providing clues to their online passwords.
A study from security expert, Jason Hart, commissioned by life assistance company CPPGroup Plc (CPP) has revealed that one third (32%) of Facebook profiles contain at least two pieces of personal information such as their mother’s maiden name, date of birth, hobbies or children’s names. This information is often also used as a password or as an answer to a security question when users look to reset their online account log-in details.
In the study, details including the name of the user’s first school (64%), employer (46%), dates of birth (25%), children’s names (25%) and favourite football team (17%) were found to be visible on many people’s Facebook profiles.
As the most active social media users, those aged 18 to 24 with a Facebook account are the most likely to publicise their personal information - and often to complete strangers. This age group has on average more than 250 friends but 81%[1] say they do not trust all of their Facebook ‘friends’. Half (50%) have accepted a friend request from a total stranger and 9% would accept an invitation from someone they did not know if they were good looking or popular.
But it’s not just the 18 to 24 year olds who are making themselves vulnerable - users of all ages are putting themselves at risk. One third (33%) of all those with a Facebook account admit to accepting an invitation from people they had never met before, with 38%[2] confessing they don’t know everyone they are friends with on the site.
Over half (52%) of the Facebook account holders questioned had received friendship requests from strangers. And despite recent media controversy around privacy and security on the site, one in twenty (6%) users allow anyone and everyone to see their entire profile.
Danny Harrison, CPP’s Identity fraud specialist is calling on individuals to not use personal information for online passwords or security questions.
“It isn’t a good idea to use personal information for passwords online. Sharing is the whole point of Facebook and other social media sites, so users are naturally going to promote their personal information online. The problem is this information could be used by fraudsters to reset passwords and access people’s online accounts. To compound the problem, there are tools available online that can capture keywords from a website, including a Facebook profile, and others which will trial variations of the identified keywords until a password match is found.
For this reason, we are advising people to not use personal information as a means to verify their online identity and facilitate access to their online accounts.”
Personal information most commonly used as passwords[3]:
- Interests
- Hobby
- Favourite football team
- Favourite football player
- Children’s names
- First school
- Pet’s name
- Dates of Birth
- The user’s name
- Maiden name
Examples of how personal details visible on Facebook can be used by hackers:
Information Type Potential Impact Risk Factor High - if used as the answer to First school is often used as a security web-based question on web- based applications and security First School social networks questions An attacker can use this information to Medium to High - conduct a social engineering attack[4] risk to the user Employer to target the user's employer and employer High - as DOB is People that publicly display their date used by most Dates of of birth (DOB) are open to different banks as one form Interest forms of identity threat of identification Medium to High - This allows the user to become a based on if the potential target to password reset user is using a attacks and is a potential way to start web based email Email Address spear phishing attacks address High - maiden People that publicly display their name is used by maiden name also leave family members most banks as one open to different forms of identity form of Maiden Name threat identification
CPP’s top tips on protecting your personal data on social networking sites:
- Set a unique password for every website: Always create a unique password for each website you use
- Personal information: Ensure that you are not posting any personal information on Facebook that can be used against you, for example date of birth, mother’s maiden name or your email address
- Enforce two-factor authentications: A number of web based applications and social networking sites now provide users with the ability remove the need for static passwords and allow them to enable two-factor authentication - removing the risks of your password being compromised
- Privacy settings on your social network profiles: Review the privacy settings on your social networks to ensure they meet your expectations. Social networks in general initially set privacy settings to defaults that allow anyone to view your information
- Don’t use personal information to verify your online identity: If possible utilise other information or codes to construct a password, and consider using false information when asked to create a security question and answer
Research Methodology
ICM interviewed a random sample of 2030 adults aged 18+ online between 9-11 September 2011, of whom 1,281 had a Facebook account. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at www.icmresearch.co.uk
During September 2011 Jason Hart was commissioned by CPP to perform a review of 250 public Facebook profiles, to identify any information that could relate to an individual’s password and/or sensitive information that could allow a potential targeted attack against the individual. At no point during the research was any user’s data or online webmail accounts compromised.
Corporate Background Information
The CPPGroup Plc
The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.
This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.
Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.
In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the previous year.
In March 2010, CPP debuted on the London Stock Exchange (LSE).
What We Do:
CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.
We have a solution for many eventualities, including:
- Insuring our customers’ mobile phones against loss, theft and damage
- Providing assistance to cancel and reorder customer’s payment cards should these be lost or stolen
- Providing assistance and protection if a customer’s keys are lost or stolen
- Providing advice, and assistance to help customers in the event their identity is fraudulently used
- Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners’ customers
CPP is an award winning organisation:
- Top 50 Call Centres for Customer Service, 2009, 2010 and 2011
- Finalist in the Plc Awards, New Company of the Year, 2011
- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
- Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007
For more information on CPP click on www.cppgroupplc.com
1. According to the ICM research, 19% of 18-24 year old Facebook users say they trust everyone they are friends with on Facebook. 100% - 19% = 81%
2. According to the ICM research, 62% of 18-24 year old Facebook users say they know everyone they are friends with on Facebook. 100% - 62% = 38%
3. According to research and analysis by Jason Hart
4. Social engineering is a term used to describe accessing needed information (for example, a password) from a person rather than breaking into a system. Social engineering is similar to hacking in that it is used to gain unauthorised access to systems or information to commit fraud, network intrusion, industrial espionage, identify theft or a simple disruption. However, social engineering is generally much easier than technical intrusion (hacking), as it does not require the technical know-how or background to be completed successfully. Rather, it simply involves having personal information.
For more information, to trail the app, or to arrange a time for interview with CPP’s Danny Harrison please call Band & Brown Communications: Beth Milsom - +44(0)203-451-9428 / +44(0)7838-163-369; Bryony Partridge - +44(0)203-451-9406 / +44(0)7846-004-416; Elisse Ahmet - +44(0)203-451-9446 / +44(0)7926-341-557
Tags: Cpp, Facebook, New York, October 11, United Kingdom