LOS ANGELES — Before you join in with the social media crowd and let everyone know about the first concert you attended, you might think twice — hackers would love to have this information.
This week, one of the most popular Facebook memes had people asking friends to figure out which of 10 concerts they didn’t really attend — and they’ve often been accompanied by a note about the first concert they ever saw.
This is a common security question — along with the name of the street you grew up on and your first job — and it’s the sort of information that hackers can use to break into your online ID.
“I typically advise people not to answer those questions. It’s not worth it,” says Tom Gorup, director of security operations for Rook Security in Indianapolis.
He believes the Facebook meme probably started as good-natured fun — like the recent Ice Bucket Challenge for charity — but as it grew in popularity, it probably signaled to hackers that good, readily available online information was there for plucking.
“If I’m a hacker, I’m taking full advantage of this,” says Fatemeh Khatibloo, an analyst with Forrester Research. Her advice — delete the concert posts today or set them to private. “Don’t make those kinds of answers about your life public.”
The situation calls into question the use of security questions, which are often used by banks and other financial institutions to guarantee your identity. Experts say don’t answer them — opt for an impossible to answer password instead.
“A bank asks to know my mother’s maiden name — spend 10 minutes online and you can find it out,” says Emmanuel Schalit,…