In less than an hour, starting with no more than a person's email address, a researcher in cyber crime was able to retrieve important personal information from popular social media sites.
David Mair of Swansea University described it as a simple way to help people realise how much private information they daily make available over services such as Facebook, Twitter, Linkedin, Snapchat and other social media services.
"Anyone can do this, it is not a specific skill," said the PhD candidate working in the university's College of Law and Criminality.
He had two colleagues helping him get through email addresses provided by people attending his talk on cyber security at the British Science Festival underway in Swansea.
“Essentially, we Googled you,” he told the audience before beginning to reveal the level of information to be had on social media. “The whole point of this is data leakage.”
He showed four envelopes each containing varying amounts of personal data and these were opened one by one until enough details emerged for the person to be identified. Most included information about family members, their names, ages and where they work. The names of children and birth dates were also readily available from social media posts.
All revealed their place of work and most offered names of in-law family members. One person’s profile showed that she was very keen on ballroom dancing but also science festivals and was seeking a way to bring the two together.
Other searches often revealed a person’s mother’s maiden name, a “secret” detail often used by banks and others to validate identity.
“What is the danger associated with this?” Mr Mair asked, before describing a collection of potential risks.
One was identify theft where a person gets access to personal information and then raids bank accounts or takes out loans in the victim’s name. This is often aided and abetted by the victim, who may have used family member’s birth dates as passwords, something that is easily cracked. He said the most popular password is actually the word ‘password’.
Different information emerges by using Facebook to monitor things that a person “likes”, a form of keyboard approval. Personal preferences emerge and these can be used to help build a profile of the person at risk.
Then there is “opportunistic criminality”, Mr Mair said. A person might refer to going on a two-week holiday, and if the cyber criminal can link an address to the person it likely means no one will be at home making it easier to rob.
One simple way to improve security is to change social media settings. Put less personal information on line and block your profile to all but your closest family and friends, he said.
He certainly was not saying people should avoid using these online services. “Social media is an important part of our lives,” he said. But people needed to take care.