
Posted: 2018-04-19 22:24:20

Every time you leave a comment about yourself on a public Facebook post, you're unwittingly giving ammunition to data harvesters, hackers and other malicious actors looking to gain a backdoor into your online accounts.

The social network is absolutely littered with seemingly innocuous posts asking users to comment and share — what was the name of your first pet? what was the make and model of your first car? what was the name of the street you grew up on? — and it's not uncommon to see that thousands of people have obliged. But a lot of these personal, quirky details are the same as those used by sites when you need to reset your password or prove your identity.

More than 25 thousand people posted about their first concert under one of these posts. The post about cars, from the same page, drew almost six thousand answers.

Since there are so many Facebook pages that do nothing but pose these sorts of questions and spread the posts as wide as possible, would-be attackers just need to follow along and harvest the data. Even worse, by commenting on such a post you're flagging that you're not opposed to giving this kind of historical information away, and an attacker could click through to your public profile and collect an entire cache of security question answers, along with potentially your full name, date of birth and email address.

"It seems pretty clear that criminals (and a whole host of other, perhaps not totally nefarious groups and individuals) are indeed harvesting such info from Facebook," security researcher Brian Krebs, who recently wrote a blog post on the subject, told Fairfax Media.

"Why wouldn't they? It's free, and people self-select for targeting."
