When you forget your password for your email account, a few standard security questions will give you a chance to prove your identity. If this information is publicly displaye anywhere on Facebook, you’re vulnerable to hacking. Here’s a cautionary tale about exactly that.
George Bronk, a 23-year-old from Citrus Heights, California, scanned women’s Facebook profiles, searching for whoever showed their email address publicly. He would then study that person’s wall and the fields she’d filled out in order to learn about her interests, activities, and other useful data he could later use to contact the female’s email service provider and say he’d forgotten his password. Using the essential information gleaned from her profile, Bronk was able to successfully answer the security questions the women had set up.
Once he gained access to the women’s email inboxes, he searched for nude pictures or videos sent from these accounts. Sometimes he forwarded this content to the victim’s entire contact list, and sometimes he contacted the victim directly and threaten to share the pictures if she didn’t send him new ones.
In some cases, Bronk would use the email account to contact Facebook and do the same forgotten password trick to score access to the victim’s entire Facebook account as well.
The good news in this case is that Bronk has been caught. One of his victims called the Connecticut State Police, which in turn alerted the California Highway Patrol. When he was finally arrested, his computer was confiscated and police found over 172 email files containing nude pictures and pornography, according to the Washington Post.
Bronk readily admitted to his crime and pleaded guilty in Sacramento Superior Court Thursday to seven felony charges, including computer intrusion, false impersonation and possession of child pornography. He faces a possible penalty of six years in prison when he returns to court on March 10.
Security experts told MSNBC that people can protect themselves from hacks like Bronk’s by fabricating responses to security questions. For example, say your birthplace is “1234” instead of “San Francisco.” That requires you to remember a lot of information. It’s much easier to use the privacy settings on Facebook to limit your profile’s visibility to friends only.
Do you think the women had it coming because they were not careful enough? How do you manage your privacy settings on Facebook?