In our last feature, we discussed online security issues caused by the syncing of accounts to your social media identities. When a doxxer gains access to services such as Twitter and Facebook, and syncing has been done to outside sites during registration, they are given easy access to a list of services they can get into by simply staying logged into your social media account and clicking “Sign in with Twitter/Facebook” once they’ve toggled to these other services.
How do they gain access to your social media accounts in the first place, though? In our constantly connected culture, many users give out their email address without giving it a second thought. Some go as far as to include their address on their social media bios or “About” pages. Many of these same users also stick to just one email account that they use for all services. In some instances, a Google search may reveal sites where an email address is listed. If none of those work, the number of users who have the same email, Twitter, and/or Tumblr handles is pretty high. We depend upon duplication to make our lives easier and, unfortunately, a would-be doxxer’s as well.
Facebook and Twitter, as well as a plethora of social media sites, can be logged into using just an email address and password. Provided 2-step authentication hasn’t been enabled (which is always a good safeguard to consider), breaking past a missing password can be relatively easy. Most sites are set up so that your only option is to have a new password sent to your email account. The doxxer obtains your email address, switches to the email host’s website (such as Gmail or Hotmail), and clicks the “Forgot Password” option; only a few simple questions then stand between them and the information they need.
It’s easy to believe that the questions selected are personal, unique ones that delve so deep into our personal lives that few would know the answers. According to Quora, here are a few of the most common questions:
“What city were you born in?”
“What was your high school mascot?”
“What is your mother’s maiden name?”
“Who is your favorite actor/musician/artist?”
The problem lies in the fact that these questions, plus many others, can be answered by looking at the exact Facebook account they’re attempting to access. Many email hosts have you answer a number of questions so that if you get one wrong, it has other ones to offer you. Should you not have the common Timeline marker for “Born” active (where a city will likely be listed), you probably have what high school you graduated from listed on your Facebook About page or among your schools on LinkedIn.
Searching for that school can lead to websites that are adorned with pictures of the mascot. Your favorite performer is probably listed in the Music, Movies, and TV sidebar on your Facebook profile, followed on your Twitter, or talked about constantly in your feeds. As for your mother’s maiden name? If she’s also connected, it might not only be included in her name on her own profile (the inclusion of both maiden and married names on Facebook is fairly common), but linked to your About page as well.
These are just a few examples of questions that can be exploited. The internet is full of data and information that can be used to bypass your set security measures. There are a few steps that can be taken to reduce or remove this particular risk:
We store so much personal information in our email accounts that it’s worth the extra steps to keep them secured. Consider taking the time to assess your security risks and execute changes that could make all the difference in creating doxxing dead-ends.