
Every day, thousands of people are giving away private information about their friends that could compromise their online security â by wishing them happy birthday on social media.
Banks and other organisations often use a customerâs date of birth to verify their identity, and security experts therefore advise people not to mention it on social media. It is even protected as personal data under data protection laws in the UK and the European Union.
at the University of Edinburgh, UK, and her colleagues found more than 18 million Twitter posts that mentioned âhappy birthdayâ in a 45-day period. Of those, 2.8 million directly mentioned a user, so they could be used to ascertain an individualâs birthday. More than 66,000 of these tweets also gave away the age of the user, and therefore their full date of birth.
Advertisement
Only around 2 per cent of the Twitter users mentioned in those posts shared their birth years on their profiles, so the team warns that well-wishers are exposing this information for users who havenât proactively shared it themselves.
Kekulluoglu says that around 0.85 per cent of tweets in English contain the term âbirthdayâ, and that the number of tweets revealing sensitive information may be even larger when misspellings or acronyms like âHBDâ are taken into account.
âThe information you leak and your networks leak, itâs one point in the data chain that could get malicious people closer to your account,â she says.
But she doesnât think the solution is for us to stop wishing each other happy birthday online. âI wouldnât want that,â says Kekulluoglu. âI think this is something that brings joy to people.â
âDate of birth was a good authentication because everyone had one, and it wasnât that guessable if youâre not close to that person,â she says. âBut now, with the introduction of social media, itâs no good. If any companies or organisations are using it, they need to move away from it.â
Reference: