The Associated Press has a story that shows how data that people publish about themselves online — via social networks or other Web sites — can be used to invade a person’s privacy. (This isn’t the first time this has happened.)
In a cautionary tale for users of social-networking sites, a California man has admitted using personal information he gleaned from Facebook to hack into women’s e-mail accounts, then send nude pictures of them to everyone in their address book. […]
Prosecutors said [George Bronk, 23,] would scan women’s Facebook accounts looking for those who posted their e-mail addresses. He would then study their Facebook postings to learn the answers to common security questions like their favorite color or father’s middle name.
He contacted the women’s e-mail providers and used the information to gain control of their accounts. He also often gained control of their Facebook accounts by hijacking their passwords, then posted compromising photographs on their Facebook pages and other Internet sites. […]
Investigators found 172 e-mail files containing explicit photographs of women when they searched Bronk’s computer in September, according to a court affidavit. They were able to track his victims to England, Washington, D.C., and 17 states: Alabama, Arizona, California, Georgia, Illinois, Iowa, Kansas, Louisiana, Massachusetts, New Hampshire, New Jersey, New York, Ohio, Oregon, Texas, Virginia and Washington.
There have been other cases where data made public by an individual has been used against him or her. In 2009, a hacker was able to break into a Twitter employee’s e-mail account and through that was able to get to confidential business documents that were stored on the business version of Google Apps — a paid cloud computing service. “[T]he Twitter hacker managed to correctly answer the personal questions that Gmail asks of users to reset the password,” the New York Times reported.
In 2008, a teen hacker was able to break into Alaska Gov. Sarah Palin’s Yahoo e-mail account in much the same way as the Twitter hacker. Wired reported, “As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.”
These cases remind us that we need to take our electronic privacy safeguards seriously. Of course, we know we should create passwords that are difficult to guess. But we should also resist using security questions that are easy to break. For example, instead of using the question “What is your mother’s maiden name?” you could use “What was your favorite book in high school?” or “What is the worst TV show ever made?” If the Web sites you are using insist on the easy-to-break questions (“Where were you born?”), then you can always make something up.