I wrote previously about a new consumer reporting agency called the Social Intelligence Corporation that mines date from social networking websites such as Facebook and MySpace to build a consumer report about you. My previous post is here - http://fcralawyer.blogspot.com/2011/06/social-intelligence-new-social-network.html
The latest article which provides a good bit of detail of how the Social Intelligence Corporation will operate is here - http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202501431464&How_Do_FTCApproved_Social_Media_Background_Checks_Work
Custom Search
Showing posts with label MySpace. Show all posts
Showing posts with label MySpace. Show all posts
July 23, 2011
July 06, 2009
Study finds that SSNs can be guessed from data found on social networking sites
The following is a quote from an article by David Olmos and appearing on http://www.bloomberg.com/:
"Social Security numbers, commonly used by criminals in identity theft, can be guessed using information found on Internet social networks such as Facebook and MySpace and other public sources, a study found.
Researchers at Carnegie Mellon University used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. The study appears today in the Proceedings of the National Academy of Sciences.
Annual losses from identity theft totaled $49 billion, according to a 2007 report from Javelin Strategy & Research, a Pleasanton, California, market-research company. About 8.4 million U.S. adults were victims of identity theft that year, with losses averaging $5,720 a person, according to Javelin’s figures.
'We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,' said Alessandro Acquisti, the study’s lead author, in a telephone interview.
Acquisti, an economist at Carnegie Mellon’s Heinz School of Public Policy and Management in Pittsburgh, and computer scientist Ralph Gross used records from the Social Security Administration’s Death Master File to search for statistical patterns in the Social Security numbers of people. They obtained birth data from voter registration lists, online white pages, social networking sites and other sources, he said.
Birth Data
Birth data are key to figuring out a Social Security number because the first three of the nine digits are assigned based on where a person lived at the time of obtaining a Social Security card, said Acquisti. Information about how the Social Security number is assigned is publicly available on a government Web site, the authors said.
'The first five digits are very easy to predict, while the last four are harder,' Acquisti said. Identity thieves can sometimes obtain the last four digits of a Social Security number if they have other personal information, he said.
The study arose from Acquisti’s research into why millions of people reveal personal information, such as birth date and home towns, on social networking sites. Such information can be had easily from people who don’t block access by changing their Web site security settings, Acquisti said.
'The default setting on sites such as Facebook, when you create a personal profile, is that it is visible to anyone in your network unless you change the settings,' Acquisti said.
Cyber Criminals
Some evidence exists that cyber criminals already are using statistical analysis to work out Social Security numbers, Acquisti said.
When Social Security numbers were first issued in 1936, their purpose was more like a bank account number than a means for authenticating a person’s identity, said Acquisti.
Because use of these numbers is so widespread among financial institutions, health-care providers and other organizations, it’s difficult for consumers to take steps to insure their numbers remain private, he said.
'If a movie rental company asks for your number to be a member, you can easily bypass that by going to another company,' Acquisti said. 'But if your health insurer wants the number, now you are talking about something different. If you refuse to give it, that could be costly or dangerous to you.'
Credit-reporting companies use Social Security numbers to match personal information, which also leads to identity theft, said Robert Ellis Smith, of the Privacy Journal, a newsletter based in Providence, Rhode Island."
Interesting. One more reason to require exact matches of Social Security numbers, since the first five are often the same for siblings, for example, since they are often obtained at the same time in the same place.
"Social Security numbers, commonly used by criminals in identity theft, can be guessed using information found on Internet social networks such as Facebook and MySpace and other public sources, a study found.
Researchers at Carnegie Mellon University used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. The study appears today in the Proceedings of the National Academy of Sciences.
Annual losses from identity theft totaled $49 billion, according to a 2007 report from Javelin Strategy & Research, a Pleasanton, California, market-research company. About 8.4 million U.S. adults were victims of identity theft that year, with losses averaging $5,720 a person, according to Javelin’s figures.
'We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,' said Alessandro Acquisti, the study’s lead author, in a telephone interview.
Acquisti, an economist at Carnegie Mellon’s Heinz School of Public Policy and Management in Pittsburgh, and computer scientist Ralph Gross used records from the Social Security Administration’s Death Master File to search for statistical patterns in the Social Security numbers of people. They obtained birth data from voter registration lists, online white pages, social networking sites and other sources, he said.
Birth Data
Birth data are key to figuring out a Social Security number because the first three of the nine digits are assigned based on where a person lived at the time of obtaining a Social Security card, said Acquisti. Information about how the Social Security number is assigned is publicly available on a government Web site, the authors said.
'The first five digits are very easy to predict, while the last four are harder,' Acquisti said. Identity thieves can sometimes obtain the last four digits of a Social Security number if they have other personal information, he said.
The study arose from Acquisti’s research into why millions of people reveal personal information, such as birth date and home towns, on social networking sites. Such information can be had easily from people who don’t block access by changing their Web site security settings, Acquisti said.
'The default setting on sites such as Facebook, when you create a personal profile, is that it is visible to anyone in your network unless you change the settings,' Acquisti said.
Cyber Criminals
Some evidence exists that cyber criminals already are using statistical analysis to work out Social Security numbers, Acquisti said.
When Social Security numbers were first issued in 1936, their purpose was more like a bank account number than a means for authenticating a person’s identity, said Acquisti.
Because use of these numbers is so widespread among financial institutions, health-care providers and other organizations, it’s difficult for consumers to take steps to insure their numbers remain private, he said.
'If a movie rental company asks for your number to be a member, you can easily bypass that by going to another company,' Acquisti said. 'But if your health insurer wants the number, now you are talking about something different. If you refuse to give it, that could be costly or dangerous to you.'
Credit-reporting companies use Social Security numbers to match personal information, which also leads to identity theft, said Robert Ellis Smith, of the Privacy Journal, a newsletter based in Providence, Rhode Island."
Interesting. One more reason to require exact matches of Social Security numbers, since the first five are often the same for siblings, for example, since they are often obtained at the same time in the same place.
July 03, 2009
More about id theft via social networks
Speaking of using common sense to protect your identity, here's a quote from an article with some advice about what not to put on your online profile:
"BE CAREFUL about what you include in your profile on social-networking sites as the information could lead to identity theft.
According to a study by British software-security firm Webroot, one third of social networkers have at least three pieces of information visible on their profiles that could expose them to identity theft, PC World reported.
The study found that 59 per cent of Britons are unsure of who can see their profile, while 78 per cent have profiles that are visible in a Google search.
These are in spite of 78 per cent of them saying they worry about the privacy of information put up on their social-networking sites, such as Facebook and MySpace.
According to PC World, the study found that 36 per cent of respondents said they did not hide any of their personal information from people viewing their profiles. Twenty-eight per cent said they accepted 'friend requests' from strangers.
And what about passwords? A third of them said they used the same passwords for all of their online accounts.
Mr Mike Kronenberg, chief technology officer of Webroot's consumer business, told PC World: 'The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth.'
Mr Kronenberg added that users of social-networking sites should protect themselves by being aware of such risks, as well as how not to expose themselves to such threats."
For the original article, see - http://digital.asiaone.com/Digital/Features/Story/A1Story20090630-151742.html
"BE CAREFUL about what you include in your profile on social-networking sites as the information could lead to identity theft.
According to a study by British software-security firm Webroot, one third of social networkers have at least three pieces of information visible on their profiles that could expose them to identity theft, PC World reported.
The study found that 59 per cent of Britons are unsure of who can see their profile, while 78 per cent have profiles that are visible in a Google search.
These are in spite of 78 per cent of them saying they worry about the privacy of information put up on their social-networking sites, such as Facebook and MySpace.
According to PC World, the study found that 36 per cent of respondents said they did not hide any of their personal information from people viewing their profiles. Twenty-eight per cent said they accepted 'friend requests' from strangers.
And what about passwords? A third of them said they used the same passwords for all of their online accounts.
Mr Mike Kronenberg, chief technology officer of Webroot's consumer business, told PC World: 'The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth.'
Mr Kronenberg added that users of social-networking sites should protect themselves by being aware of such risks, as well as how not to expose themselves to such threats."
For the original article, see - http://digital.asiaone.com/Digital/Features/Story/A1Story20090630-151742.html
Subscribe to:
Posts (Atom)
Posts
