Security experts are concerned about the popularity of what has been nicknamed the “10 concerts” Facebook ‘meme’. The game asks users to provide 9 music concerts they’ve been to and 1 that they haven’t – their friends then need to try to spot which band the user is lying about. Experts have labelled the game a “gift to hackers” as it could be a way for cyber-criminals to determine a crucial piece of information about users: the first concert they went to.
A user’s first concert is a common security question on online accounts and could hand malicious observers the key to finding out users’ passwords.
André Mouradian, Cyber-Security Education Organisation, Wombat Security, commented below.
André Mouradian:
There has been an increase in the number and variety of ways in which hackers can now obtain personal information, in both a business and private setting, and especially through social media. The “10 Concerts” game phenomenon that has taken over Facebook may seem like harmless fun; however, it could actually pose a threat to your security or online privacy as it has the potential to identify password use with people more likely to share information freely.
The more connected we become, the more important it is therefore to ensure that the general public are kept constantly up to date with ways in which to protect the corporate and personal data that is stored on their devices.
From a corporate standpoint, the phenomenon of BYOD, where employees use their personal devices at work, can leave organisations open to having potentially very sensitive company information hacked. Organisations need to keep employees constantly up to date by assessing, training, reinforcing the security message, and checking how much they have learnt – in other words, in-depth security training. This will drastically reduce the number of successful attacks an organisation or an individual will be open to as they have heightened awareness. Many organisations will invest in hugely expensive security infrastructure, only to be breached by an employee clicking on a phishing email or sharing information freely on social – the moral of the story is, continuous education is crucial.
My top tips to keep passwords safe would be:
- Be careful about who you allow your information to be shared with, as well as who can see your page and posts. These precautionary methods are massively important and a lot of the time should be pure common sense.
- Use a different password for every website that you use.
- Use a combination of upper case, lower case, numbers, and symbols.
- Change your passwords every three months, at least.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.