TY - GEN
T1 - Personal information leakage during password recovery of internet services
AU - Guri, Mordechai
AU - Shemer, Eyal
AU - Shirtz, Dov
AU - Elovici, Yuval
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2017/3/2
Y1 - 2017/3/2
N2 - In this paper we examine the standard password recovery process of large Internet services such as Gmail, Facebook, and Twitter. Although most of these services try to maintain user privacy, with regard to registration information and other personal information provided by the user, we demonstrate that personal information can still be obtained by unauthorized individuals or attackers. This information includes the full (or partial) email address, phone number, friends list, address, etc. We examine different scenarios and demonstrate how the details revealed in the password recovery process can be used to deduct more focused information about users.
AB - In this paper we examine the standard password recovery process of large Internet services such as Gmail, Facebook, and Twitter. Although most of these services try to maintain user privacy, with regard to registration information and other personal information provided by the user, we demonstrate that personal information can still be obtained by unauthorized individuals or attackers. This information includes the full (or partial) email address, phone number, friends list, address, etc. We examine different scenarios and demonstrate how the details revealed in the password recovery process can be used to deduct more focused information about users.
KW - Information leakage
KW - Password recovery
KW - Personal information
KW - Privacy
KW - Security internet services
UR - http://www.scopus.com/inward/record.url?scp=85017199652&partnerID=8YFLogxK
U2 - https://doi.org/10.1109/EISIC.2016.035
DO - https://doi.org/10.1109/EISIC.2016.035
M3 - Conference contribution
T3 - Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016
SP - 136
EP - 139
BT - Proceedings - 2016 European Intelligence and Security Informatics Conference, EISIC 2016
A2 - Brynielsson, Joel
A2 - Johansson, Fredrik
T2 - 7th European Intelligence and Security Informatics Conference, EISIC 2016
Y2 - 17 August 2016 through 19 August 2016
ER -