Skip to content

Name Generator Memes as Security Answer Harvesting

Wed 29th January 2014

Now, I’m not 100% certain of this, it’s more of an observation and theory. Social media sites (well, at least Facebook in my experience) are awash with these images that tell you how to construct something like your “pirate name” or “new cat name”. While these have been around since the dawn of time (or at least the Internet), I have increasingly noticed the personal nature of the input data for these generators. This may be because I’m more wise and cynical, or maybe there’s something more sinister behind these newer ones.cat-name-security-answers

While telling a friend your favourite colour is innocuous, and they all probably know your phone number anyway, many forget that their status updates are public, or can be at least be seen by “friends of friends”, and comments on other people’s statuses are exposed at their privacy level. Complete enough of these and anyone out there can know the month you were born (Zodiac sign), the last 4 digits of your phone number (if the digit position changes), your favourite colour, your mother’s maiden name, the name of your first school and the street you grew up in.

monster-movie-name-security-answersNotice anything about these pieces of information? They sound a lot like the security questions banks, webmail and social media sites setup, often as a method of resetting your password in the case when your forget it.

Of course, when Apple and Amazon, or PayPal and GoDaddyΒ conspire to give up your accounts for the minimum of effort, maybe there’s no point in worrying about it?

Follow Up

As people have commented about this (mostly on Facebook), they’ve pointed out some other people that have identified this and some other shady generators, so I’ll collect those links here.

Other Reports

Tom O’Connor

Other Generators

Porn Star Name

Advertisements
3 Comments
  1. Nice post Rikki, thanks! Did you spot this article on how alleged security issues with GoDaddy and Paypal led to someone losing their Twitter username? http://thenextweb.com/socialmedia/2014/01/29/lost-50000-twitter-username/

    More social engineering. I can imagine the guy who pulled off the above stunt also drawing on information gleaned from the above kinds of memes.

    • Yep, linked to it, another one like it, in the last paragraph πŸ™‚ If you’ve not seen the @mat one, you should check it out too.

      • Oops! That was clumsy of me, sorry πŸ™‚

        I saw the @mat one — pretty horrifying.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: