Celebrating birthdays online may pose a security risk, Informatics researchers discover
Wishing someone happy birthday online may pose a security risk according to a study by Dilara Keküllüoğlu, Walid Magdy and Kami Vaniea.
0.85% of the English tweets on Twitter sampled stream have the word "birthday" in them. Platform users who shared their birthday in their bio even get birthday balloons on their profile. But public birthday celebrations can disclose the date of birth (DOB) of the birthday person when the age is included in them, e.g. "Happy 21st birthday!"
Keküllüoğlu and colleagues examined 2.8 million birthday tweets directed to 724K users over 45 days, and discovered that the age was likely to be disclosed for 50K users, including users with protected accounts. The study also showed that users are comfortable with the possible DOB exposure even when they are aware of the potential security and privacy implications.
However DOB is still used as some part of the authentication process by a lot of organisations such as banks. People also use their birthdays in their passwords and PINs.
The authors suggest that DOB is not considered as sensitive information by people online and its use in the authentication process should be phased out.
The results of the study will be presented at the 16th International AAAI Conference on Web and Social Media in June 2022, the pre-print of their paper is available now. The paper was featured by the New Scientist in a recent story.