Information revelation and privacy in online social networks
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Designing ethical phishing experiments: a study of (ROT13) rOnl query features
Proceedings of the 15th international conference on World Wide Web
Exposing private information by timing web applications
Proceedings of the 16th international conference on World Wide Web
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Parallel crawling for online social networks
Proceedings of the 16th international conference on World Wide Web
Communications of the ACM
Measurement and analysis of online social networks
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Characterizing privacy in online social networks
Proceedings of the first workshop on Online social networks
Robust De-anonymization of Large Sparse Datasets
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Why and How to Perform Fraud Experiments
IEEE Security and Privacy
A low-cost attack on a Microsoft captcha
Proceedings of the 15th ACM conference on Computer and communications security
Internet social network communities: Risk taking, trust, and privacy concerns
Computers in Human Behavior
Social networks and context-aware spam
Proceedings of the 2008 ACM conference on Computer supported cooperative work
User interactions in social networks and their implications
Proceedings of the 4th ACM European conference on Computer systems
Proceedings of the 18th international conference on World wide web
All your contacts are belong to us: automated identity theft attacks on social networks
Proceedings of the 18th international conference on World wide web
Prying Data out of a Social Network
ASONAM '09 Proceedings of the 2009 International Conference on Advances in Social Network Analysis and Mining
De-anonymizing Social Networks
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Large Online Social Footprints--An Emerging Threat
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A Practical Attack to De-anonymize Social Network Users
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
Messin' with texas deriving mother's maiden names using public records
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Exposing the lack of privacy in file hosting services
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
Reverse social engineering attacks in online social networks
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
How unique and traceable are usernames?
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
Sherlock holmes' evil twin: on the impact of global inference for online privacy
Proceedings of the 2011 workshop on New security paradigms workshop
A vulnerability evaluation framework for online social network profiles: axioms and propositions
International Journal of Internet Technology and Secured Transactions
All your face are belong to us: breaking Facebook's social authentication
Proceedings of the 28th Annual Computer Security Applications Conference
Studying User Footprints in Different Online Social Networks
ASONAM '12 Proceedings of the 2012 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2012)
An Analysis of Query Forwarding Strategies for Secure and Privacy-Preserving Social Networks
ASONAM '12 Proceedings of the 2012 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2012)
Music similarity and retrieval
Proceedings of the 36th international ACM SIGIR conference on Research and development in information retrieval
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Exploiting innocuous activity for correlating users across sites
Proceedings of the 22nd international conference on World Wide Web
Social engineering attacks on the knowledge worker
Proceedings of the 6th International Conference on Security of Information and Networks
A defence scheme against Identity Theft Attack based on multiple social networks
Expert Systems with Applications: An International Journal
Journal of Information Science
| Hi-index | 0.00 |
Recently, social networks such as Facebook have experienced a huge surge in popularity. The amount of personal information stored on these sites calls for appropriate security precautions to protect this data. In this paper, we describe how we are able to take advantage of a common weakness, namely the fact that an attacker can query popular social networks for registered e-mail addresses on a large scale. Starting with a list of about 10.4 million email addresses, we were able to automatically identify more than 1.2 million user profiles associated with these addresses. By automatically crawling and correlating these profiles, we collect detailed personal information about each user, which we use for automated profiling (i.e., to enrich the information available from each user). Having access to such information would allow an attacker to launch sophisticated, targeted attacks, or to improve the efficiency of spam campaigns. We have contacted the most popular providers, who acknowledged the threat and are currently implementing our proposed countermeasures. Facebook and XING, in particular, have recently fixed the problem.