5 Seemingly Innocent Ways You Risk Your Identity Every Day

We tend to think of identity theft as a crime perpetrated exclusively on stupid people. Sure, you don't fall for that Nigerian prince schtick and you don't send your login information to "official" emails that misspell "PayPal."

Well, you'd best take a slice of humble pie, because there are lots of things that you do every day, that you're probably doing right now, that are putting your personal information at risk. Things like ...

#5. Playing Facebook Games


After a long, hard day of playing Facebook games and pretending to work, there's nothing quite as relaxing as heading home to unwind and play Facebook games without pretending to work. It's an innocent exchange. You get a few hours of entertainment in turn for nothing more than your time and willingness to glance at a couple of ads.

"Before 'Farmville,' gin was the only thing that could get me through a day of work."

We've already discussed how Zynga, the operators of "Farmville," are evil masterminds. What we didn't tell you is how you're pretty much opening your entire life to them whenever you play. And, if you don't happen to use any of their games, you can rest assured that the same is true of virtually every app on Facebook. Last month, the security firm Symantec uncovered a security hole in the social network that gave third-party clients access to the entirety of a user's account.

But hey, 'Mafia Wars'!

And we don't just mean they could see all those pictures of you drunkenly fingering that elephant pinata at your cousin's birthday blowout. Facebook was accidentally leaking access tokens to advertisers, developers, every-damn-body. Theoretically, these tokens could give a third party the ability to post as you on your profile, as well as look through literally everything you've ever posted on Facebook. As many as 100,000 apps had tokens leaked to them over a period of years.

"What other social network are you going to use -- MySpace?"

It's not directly Facebook's fault, except where they've been completely negligent about what goes on on their servers. Most Facebook apps are developed by third parties that can basically hijack the service for whatever dubious purposes they like, as evidenced by the plague of Facebook app viruses that spread thanks to people's tendency to click on anything that looks vaguely like a picture of boobs.

"Tits? Hell yeah I'll let you have access to my hard drive."

Now, here's the good news. Facebook doesn't think that any of the third-party sites actually took advantage of this hole when it was open. But that doesn't mean advertisers and app developers don't love spying on you. Facebook's privacy policy does forbid any app from sending user data to third parties, but The Wall Street Journal conducted a study at the end of 2010 which showed that 10 out of 10 of the top Facebook apps were in violation. Those apps sent off user ID data on millions of users to "outside companies," which means millions of people found their names, app preferences and friend lists leaked out to admen.

"Can you believe Bill is flirting with Jane and Sarah? Let's try to sell penis enlargers to all of them."

In other words, information sharing is against Facebook's privacy policy in the same sense that jaywalking is against the law. The rules are there, but nobody tries very hard to enforce them.

#4. Using Public Wi-Fi


About one-fifth of Internet users have used a public Wi-Fi network, be it at Starbucks or an airport or any of thousands of other locations where people just can't bear to be out of contact with their Facebook wall. Most of those users probably weren't aware that they were putting everything from their email password to their PornHub account at the mercy of anyone who happened to be paying attention.

"Would you like a croissant or some identity theft with your coffee?"

And we literally do mean anyone. There's a program called Firesheep that allows the user to intercept your Wi-Fi connection and gather the cookies from whatever sites you visit. The cookies, of course, being the files containing the info that lets you automatically log into sites the next time you visit. Once they have those cookies, they can gain access to your accounts. The Internet's propensity to give everything a geeky nickname has dubbed this process "sidejacking."

The creators of Firesheep are adamant that they don't intend for anyone to actually use this freely distributed program, but wanted "to demonstrate just how serious this problem is." Which is kind of like building a doomsday device to save the world from doomsday devices.

"There. Now the world is safe."

A recent British study hired a security expert to find out just how easy it is to leech sensitive information out of the public airwaves, and the guy wound up breaking into the accounts of 350 people in one hour, each "sidejack" taking as little as five seconds.

Worse, the hacker doesn't even need to stick around to continue harvesting your passwords. Open Wi-Fi is like an orgy during a latex shortage. Much like governments ill-advisedly developing anthrax and rage viruses, one lab recently developed what they call "Typhoid" malware, which can surf the Wi-Fi networks and infect computers that are in proximity to each other.

Because the original typhoid was such a good time for everybody.

#3. Following Celebrities on Twitter


The invention of Twitter has been useful primarily in maximizing the ability of celebrities to expose us to their shockingly dull and inane lives. But the mass adoption of the medium combined with the childlike trust we have in famous people creates just another opportunity for scammers to exploit.

"Taylor Hicks wants to worship the dark god Set? Count us in."

The fact is, celebrity Twitter accounts are easier to break into than a convertible sedan, as we saw in January 2009 when 33 different celebrity or corporate Twitter accounts were hacked. It began with a tweet from Fox News that read "Breaking: Bill O Riley [sic] is gay" and didn't stop until Rick Sanchez of CNN had admitted to being high on crack and Britney Spears informed a shocked nation about her four-foot-wide vagina.

Okay, so the Rich Sanchez = crack thing makes sense.

So why should you care that strangers are taking over Twitter accounts and making celebrities say ridiculous things? Well, the very same week this article was written, actor Simon Pegg's Twitter was hacked, telling his followers to download a Paul screensaver. Those who did found themselves infected with a Trojan designed to steal their online banking login information.

Which is, arguably, a better fate than watching Paul.

Just a couple of months earlier, Lady Gaga sent out an oddly worded tweet that purported to include a link to one of her banned music videos. The link led to a bogus site that attempted to hijack your Twitter account, using it to spread the same tainted message to all of your followers. Gaga wasn't the origin of the tweet, but she fell for it like thousands of other people and ended up exposing her 9.6 million followers to scammers as a result.

How could she have been outwitted?

You'd think it's their own fault for trusting somebody who once wore a gown made of meat, right? You'd be less inclined to expect scammers distributing links through Barack Obama's Twitter. Except, oh wait, that totally happened. Having lots of money and the ability to order a nuclear strike doesn't render you immune to 18-year-old kids with an Internet connection and buckets of free time.

"He's a nerd, gentlemen. The only way to stop him is a girlfriend who puts out."

Recommended For Your Pleasure

To turn on reply notifications, click here


The Cracked Podcast

Choosing to "Like" Cracked has no side effects, so what's the worst that could happen?

The Weekly Hit List

Sit back... Relax... We'll do all the work.
Get a weekly update on the best at Cracked. Subscribe now!