Why Name Games on Social Media Are a Security Threat
This should be common sense at this point, but the fact that these games continue to evolve on social media suggests that a lot of people need a reminder: stop engaging with those weird memes that ask you to provide seemingly harmless personal information (your complete name + street you grew up on + your first car, etc.) to get a stripper name, porn star name or witness protection name. Not only does no one really care, but these “fun” little internet time-wasters pose a big security risk.
As for why, it should be obvious. Some of these quizzes and silly posts on the Internet ask the same account recovery questions that you will encounter when trying to log into a secure online account. I can’t count the number of times I’ve seen an app or service ask for “the street you grew up on,” “the city you were born in,” “your childhood elementary school,” or other similar questions as part of its account recovery mechanism.
Yes, for this to work, an attacker would need to know something about your accounts – for example, the email address you use for a particular service – and would also have to track you on social media to see whether you answered similar questions. However, a tool that automates this is not out of the question. If you post such information publicly, you put yourself at risk.
As 1Password wrote back in 2018:
Playing games, taking quizzes and even commenting on the question “What’s your name X?” messages can provide criminals with answers to your security questions. Maybe you combined your mother’s maiden name with the color of your first car to find out that if you were a street racer, you would be Fitzpatrick Gold. This can give them access to your accounts where they can steal your information, and some of these games go even further.
Some quizzes send you to a site where you add information directly, or the game asks you to connect to your social media account to access your data. They take that information and spit out the funny name, mythological creature, or breakfast cereal that best matches your personality. You can then share the results on your page to encourage others to do the same.
Unfortunately, it is not a coincidence that most of the information requested is the same information that is used to answer the security questions that websites ask when they create an account. These questions can help you in case you forget your password or find yourself locked out. But if someone else answers these questions correctly, they can change your password and take control of your account.
If you’ve been answering these kinds of quizzes for a while, all hope is not lost. First, take the time to figure out where you usually posted your answers and remove them if possible. This is less of a concern if you restrict your posts to friends only on a particular social network, but more problematic if you just let your name combinations circulate freely in public. (In other words, you should really just delete all those old tweets that you never look at.)
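One way to do that first pass over your own history, as an added example that is not part of the original article: a Python script that scans an export of your own posts and lists the ones touching common account recovery topics, public posts first. The record fields (`id`, `visibility`, `text`), the phrase patterns and the sample posts are all assumptions constructed for illustration.

```python
import re

# Recovery-question topics mentioned in the article, mapped to phrases that
# suggest a post touches the answer. The phrase lists are assumptions.
TOPIC_PATTERNS = {
    "street you grew up on": r"\bstreet (?:i|we|you) grew up on\b|\bchildhood street\b",
    "city you were born in": r"\b(?:city|town) (?:i was|where i was) born\b|\bborn in\b",
    "elementary school": r"\b(?:elementary|primary|grade) school\b",
    "mother's maiden name": r"\bmaiden name\b",
    "first car": r"\bfirst car\b",
    "first pet": r"\bfirst pet\b",
}
TOPIC_PATTERNS = {t: re.compile(p, re.I) for t, p in TOPIC_PATTERNS.items()}

# Wording typical of the name-game memes ("my stripper name is ...").
GAME_HINT = re.compile(r"\bmy (?:\w+ ){1,3}name (?:is|would be)\b", re.I)

def audit_posts(posts):
    """Return posts worth reviewing for deletion, public ones first."""
    findings = []
    for post in posts:
        text = post["text"].replace("\u2019", "'")  # normalize curly apostrophes
        topics = [t for t, pat in TOPIC_PATTERNS.items() if pat.search(text)]
        is_game = bool(GAME_HINT.search(text))
        if topics or is_game:
            findings.append({"id": post["id"], "visibility": post["visibility"],
                             "topics": topics, "name_game": is_game})
    # Public posts are the bigger exposure, so list them first (stable sort).
    findings.sort(key=lambda f: f["visibility"] != "public")
    return findings

# Constructed sample data standing in for an export of your own posts.
SAMPLE_POSTS = [
    {"id": 1, "visibility": "friends",
     "text": "My street racer name is Fitzpatrick Gold! (mother’s maiden name + color of first car)"},
    {"id": 2, "visibility": "public",
     "text": "Stripper name = first pet + the street I grew up on. Mine: Biscuit Maple"},
    {"id": 3, "visibility": "public", "text": "Great coffee downtown this morning."},
    {"id": 4, "visibility": "public",
     "text": "Throwback to my elementary school days!"},
]

if __name__ == "__main__":
    for f in audit_posts(SAMPLE_POSTS):
        label = ", ".join(f["topics"]) or "name-game wording"
        print(f"review post {f['id']} ({f['visibility']}): {label}")
```

The script reports only post ids and the topic each one overlaps, so its output is safe to keep as a cleanup checklist.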
You can also review your main accounts and make sure you’ve set up some kind of two-factor authentication, which will hopefully give you an extra layer of security in case someone tries to reset your password. Also, I am assuming that most of the major services will send a password reset link or new password directly to the email address that you associated with that service. So, at a minimum, make sure you lock down your email accounts with strong 2FA and unique passwords. If you’ve allowed apps or services to access your email account but are no longer using them, revoke those permissions.
Finally, know that you never have to be honest. I don’t know why people think they need to honestly answer security questions. You don’t. The street you grew up on could have been Cinnabon. Your mother’s maiden name could be something straight out of an Elon Musk play. You can use a super-complex password as the answer to your secret question, and then save that answer in your favorite password manager (or in a notebook with a pen and something else). Believe me, no one is going to guess that your first pet was named “3D4 $ j87 # jdFd! 9.12 (9RF32 @ 84 $.”
These online quizzes, memes, and other viral content generators may look innocent and funny, but any personal data you post in public may one day come back to haunt you. Even if you think you’re just engaging in a friendly joke, there may be a little more in your responses than you think — even for a seemingly silly thing like your “stripper name.” And now that you’re on the lookout, also avoid random online polls, polls from unknown sources, and anything else that requires you to provide your information in exchange for meaningless entertainment.