A professional hacker reveals the top security mistake people make online — and it's something you probably do every day



  • Oversharing is one of the most common security mistakes people make online, according to Etay Maor, an executive security adviser at IBM Security.
  • That’s because seemingly harmless details, like the name of your pet, could reveal clues about what your password might be, or the answers to your two-step verification questions.
  • Additionally, it’s important to remain skeptical when asked for personal data, whether it’s from an app on your phone or elsewhere.

You may be great at coming up with complex passwords that are hard to guess, keeping your smartphone or computer’s software up to date, and avoiding phishing schemes. 

But there’s another critical security mistake people often make online: oversharing on social media. That’s according to Etay Maor, an executive security adviser at IBM Security. It’s not just sensitive personal data like phone numbers, credit card numbers, and addresses that you should avoid sharing online, but also seemingly harmless information like your mother’s maiden name or your pet’s name.

Such details are often used as answers to two-step verification questions or passwords, and they can easily be found just by scanning someone’s Facebook page if that person frequently shares photos of their pets.


“Today, people are writing about everything,” said Maor, who studies cyber criminal tactics on the dark web to help clients better protect themselves by understanding how hackers work. “They’re putting everything online, and then they get mad at you if you don’t read it.”

In addition to being careful about what you share on social media, it’s also a good idea to do some critical thinking when it comes to the companies and organizations asking for your personal information, says Maor.

He shared an example of one instance in which he filled out a new patient form at a doctor’s office that asked for his social security number. He decided not to write it, and that decision had no impact on his visit to the doctor.

“So why did you ask me for that in the first place?” he said, referring to the doctor’s office. “If you get breached, and then the information is there, I’m going to have a whole other set of problems.”

Being selective about the information you share online can be more important now than ever before as data breaches become increasingly common. Just earlier this week, it was revealed that Capital One was hit with a massive data breach that impacted 100 million customers and applicants in the United States and six million in Canada. Information that was compromised included names, addresses, dates of birth, phone numbers, the social security numbers of 140,000 customers, and the bank account numbers of 80,000 customers. 

That notion of scrutinizing why a company needs your information in the first place is especially critical when it comes to app permissions. Companies like Apple and Google are trying to make it easier to manage which apps have access to different parts of your phone in their latest mobile software releases. But it’s up to the user to use such tools and keep track of what the apps installed on their phone are actually accessing.

“We don’t look at it anymore, we just click next,” said Maor. “So we need to pay attention to these things.”
