If you have spent time on social media over the last few years, you probably know your villain name, which Disney character you are most similar to, or how well your friends know you. Here’s another quiz you should take: Which generation has the worst password habits?
These whimsical quizzes and questionnaires can be an excellent distraction from daily realities. But if the Cambridge Analytica scandal taught us anything, it’s that information divulged online can be used against you.
It might seem to be harmless fun but read on to see why you need to think twice before taking those social media quizzes.
Here’s the backstory
Have you ever stopped to think about the information you freely put out on social media? We’re not talking about uploading photos or linking to a personal blog. We specifically refer to the multitude of quizzes on Facebook, Twitter and other social media platforms.
For instance, in one quiz spotted on Twitter, you correlate your birth month and birthday from the selection to get the answer to “What’s your horror hostname?” That quiz is relatively mundane, but others are more intricate.
Their problem is not that our horror hostname is “Collector of Villainy,” but that it is easy to disseminate the information. It would be quick for someone else to work out the precise details of your answer and collect more information than you intended to share.
Depending on the quiz type, you could reveal your birthday, favorite color, pet’s name, the first letter of your mother’s name, where you live and so on. These answers are often found in account recovery or password retrieval.
See the problem? If hackers wanted to target you through phishing attacks or brute force, they could go through your social media quizzes to learn more about you. Chances are, they will come across some information that could help them.
What you can do about it
The easiest way to ensure that you don’t share sensitive information is not to take the quiz. Instead, you could work out the answer for yourself and have a giggle, but resist the urge to share it on social media.
The Better Business Bureau (BBB) has also warned against these questionnaires and sharing the results. “These are common security questions for insurance, banking and credit card accounts. Social media data and quiz answers can be used to steal your identity or enable a scammer to impersonate you,” the BBB explained.
Here are some tips from BBB to stay safe online:
- Be skeptical: Before answering a quiz, figure out who created it. Is it a brand you trust? Just because something appears to be fun and innocent, doesn’t mean there isn’t an inherent risk.
- Adjust privacy settings: Review the social media account’s privacy settings and be strict about any information that is shared. Also, be mindful of who you are sharing it with.
- Remove personal details from your profile: Don’t share information like your phone number or home address on social media.
- Don’t give answers to common security questions: Be cautious if the questions in a quiz ask for things like your mother’s maiden name, the street you grew up on, previously owned vehicles, favorite foods or the name of your high school.
- Monitor friend requests. Don’t accept friend requests from people you don’t know. And be wary of a second friend request from someone you are already connected with; the second profile may be an imposter trying to access your data and Friends list.
Remember when you took that little Facebook quiz that claimed to reveal “what type of beauty you possess”?
Or that funny photo app that turned you into a magazine cover model? Or maybe that test that told you what kind of “Game of Thrones” character suits you?
Admit it, you have taken a number of these Facebook tests, haven’t you?
Quizzes like these are some of the social media site’s most popular guilty pleasures. If all your Facebook friends are taking them, they’re probably OK, you might think.
Well, the Cambridge Analytica scandal reminded us how these seemingly harmless and fun quizzes and apps can be trojan horses for massive data collection.
Take this popular third-party Facebook quiz app, for example. It looks like it has been leaking user information for years!
Are you one of 120 million?
(No, this is not another silly quiz.)
NameTests, one of Facebook’s biggest quiz app platforms, has been publicly exposing the data of up to 120 million people for years, including names, birthdates, photos and status updates.
Security researcher Inti De Ceukelaire discovered the alarming flaw and reported it via Facebook’s new Data Abuse Bounty program. Note: This program was launched as part of Facebook’s ongoing crackdown on abusive third-party apps.
Now, unlike in the Cambridge Analytica case where the quiz developer willingly shared the data with the analytics firm, Nametest’s data leak was caused by a glitch on its website.
According to De Ceukelaire’s findings, each time someone takes a NameTests quiz, its website fetches the Facebook user’s personal information and displays it on a webpage.
The problem? This page was poorly configured and allowed anyone to access it.
“I was shocked to see that this data [were] publicly available to any third-party that requested it,” de Cuekelaire wrote in a blog post. “In a normal situation, other websites would not be able to access this information.”
Be safe on-line.
Article by Charlie Fripp and Francis Navarro for Komando.co