Birthstones, pet names and city of birth

I’ve seen things like the following recently on social media:

• Find out your dominant personality trait (by entering your birth month).
• Find which Chinese year you were born in (by entering your birth year).
• Discover your superhero name by entering the city you were born in and your first pet’s name.

If you participate in fun stuff like this, you’re making it easier for hackers to take control of things and potentially steal from you. And there are people who will participate just because you did.

Every time you follow a link like this and enter information, no matter how “fun” it is, you’ve giving a piece of your identity to someone you don’t know. Would it surprise you to learn that these sites can and do talk to each other? (Not all of them to all, but there’s definitely companies that specialize in this sort of thing.) Each of these pieces of information can be collated.

Once you’ve given up your birth month, it’s known.

Once you’ve given up your birth year, it’s not only known but collated with your birth month. If you’ve entered the birth day (like 13) somewhere, either alone or combined with a month, they’ve got your entire birthday.

Once you’ve given up the city you were born in and your first pet’s name, it’s known and collated with the other personal data.

Now think about the security questions you’ve set up with websites, banks, your insurance company, your cellphone company, your internet provider. They’re things like this, plus mother’s maiden name, name of your third grade teacher, etc. These are just more questions you can be asked in fun personality tests like this. When you are entering seemingly innocuous information to these sites, you are actually giving critical security information away to unknown parties that can be used in the future against you. Most things on the internet are for profit, and if you’re not sure how someone is making a profit from a particular thing it’s probably in a way you don’t like.

Brian Krebs of Krebs on Security wrote this in 2018:

On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

Don’t give away historic details about yourself — Krebs on security. (2018, April 9). Krebs on Security. https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/

Please stop making it easy for hackers. Those little games aren’t innocent. This isn’t just about your safety, either. When you share these, your voice provides free advertising for them to people who trust you. There are people who would not otherwise fall for these who will out because you did.