We all wish our friends and family a Happy Birthday via social media. But this small act of kindness means that we are giving away private information about our friends and family that compromises their online security. In other words, we could be helping criminals access their private accounts because now they know the users date of birth.

Security experts are warning people not to mention birthdays on social media as banks and other organisations often use a customer’s date of birth to verify their identity. In the UK and the European Union your date of birth is protected as personal data under data protection laws.

A study conducted by the University of Edinburgh, UK and led by Dilara Kekulluoglu found that over a 45 day period, 18 million Twitter posts mentioned a “happy birthday.”2.8 million of these mentioned the users name. So, it could be used to work out a person date of birth, well at least the day and month. Meanwhile, more than 66,000 gave away the persons age too. And that means that criminals have discovered a user’s full date of birth, day, month, and year.

From the Twitter users only 2% share their birth years on their profiles. In other words, well wishers are giving away too much information. Information that 98% of users are unwilling to share themselves.  

Kekulluoglu says that the number of tweets with sensitive information is even more if you consider those with the term “birthday” another 0.85 per cent, misspellings and “HBD” the acronym for Happy Birthday.

Above all, she says “the information you leak and your networks leak, it’s one point in the data chain that could get malicious people closer to your account. “

But how do we move away from wishing people a happy birthday online? Kekulluoglu believes wishing people a happy birthday brings joy and doesn’t think the solution is to stop.

Dilara’s solution is to change what organisations use for authentication. In other words, with the introduction of social media, using date of births isn’t good enough anymore. It wasn’t guessable previously if you weren’t close to that person but now it is. Banks and other institutions need to look at other information to verify a persons identity.

Want insights like this in your mailbox? Join our monthly mailing list

How can we make your business better with IT?