Sign In

Communications of the ACM

ACM News

Your Groups Tell Hackers Who You Are

View as: Print Mobile App Share:
Identity theft via browser

Technology Review

People often get categorized by social group—jock, geek, soccer mom. The same is true for our online identities: If you have an account on Facebook or LinkedIn, you might also belong to several groups on each site.

Now researchers at the Vienna Institute of Technology, Institut Eurecom and UC Santa Barbara have found a way that malicious websites could find out what groups you belong to, and use that information to identify you. Such websites could use the trick for identity theft or to craft personalized scams.

The researchers found that a malicious site could "capture" a person's social networking groups from his browser with a trick known as history stealing. By cross-referencing these groups, they could reveal someone's social-network profile%mdash;and therefore their real-life identity—42% of the time. This means that an otherwise anonymous Web user could be identified correctly by a malicious site simply because the user visited that site.

From Technology Review
View Full Article


No entries found