Proceedings of the 16th international conference on World Wide Web
Sensitive label privacy protection on social network data
SSDBM'12 Proceedings of the 24th international conference on Scientific and Statistical Database Management
Delineating social network data anonymization via random edge perturbation
Proceedings of the 21st ACM international conference on Information and knowledge management
Discretionary social network data revelation with a user-centric utility guarantee
Proceedings of the 21st ACM international conference on Information and knowledge management
Hi-index | 0.00 |
The proliferation of online social networking services has aroused privacy concerns among the general public. The focus of such concerns has typically revolved around providing explicit privacy guarantees to users and letting users take control of the privacy-threatening aspects of their online behavior, so as to ensure that private personal information and materials are not made available to other parties and not used for unintended purposes without the user's consent. As such protective features are usually opt-in, users have to explicitly opt-in for them in order to avoid compromising their privacy. Besides, third-party applications may acquire a user's personal information, but only after they have been granted consent by the user. If we also consider potential network security attacks that intercept or misdirect a user's online communication, it would appear that the discussion of user vulnerability has accurately delimited the ways in which a user may be exposed to privacy threats. In this paper, we expose and discuss a previously unconsidered avenue by which a user's privacy can be gravely exposed. Using this exploit, we were able to gain complete access to some popular online social network accounts without using any conventional method like phishing, brute force, or trojans. Our attack merely involves a legitimate exploitation of the vulnerability created by the existence of obsolete web-based email addresses. We present the results of an experimental study on the spread that such an attack can reach, and the ethical dilemmas we faced in the process. Last, we outline our suggestions for defense mechanisms that can be employed to enhance online security and thwart the kind of attacks that we expose.