16 August 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

739Posts 2,009,933Views 62Comments

Social Network is Accused of Identity Theft

15 July 2009  |  1959 views  |  0

The state of New York, Office of the Attorney General plans to sue the social-networking site Tagged.com for allegedly using deceptive e-mails in order to gain new users.

It is alleged that the social-networking service stole the identities of more than 60 million Internet users by sending e-mails to people saying that members of the site had tagged them in photos but the photos did not exist and that Tagged raided their private accounts.

The e-mails that people received appeared to come from their friends via the website as an offer to look at the friends pictures and join in. It is believed that Tagged, would then illegally get access to those new users’ e-mail address books and send out more messages without those users’ knowledge. Tagged will be sued for deceptive e-mail marketing practices and invasion of privacy, the office said.

In a statement by their CEO he said “Simply put, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.”

I received the same emails from friends, people who were “duped”. I spoke to those people and understand it to be true that, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.

I don’t believe identities were stolen at any level and that anyone using terms such as “stolen Identity” or “identity theft” are grossly mistaken, but “email harvesting” and a degree of spam and questionable marketing may have occurred.

Here is exactly what happened. A person receives an email saying their friend wants to show them a picture. They have to visit the site, sign in, and register to view it. In that process they are asked for their user name and password from their web based email account to invite more friends to their new account. Many people have done this in Twitter, LinkedIn and Facebook. The lie told is there is no picture to be seen. That’s deceptive marketing, not identity theft.

Criminal hackers have been using the same ruse to get people to log in to a spoofed Facebook account for the past year. Once logged in the user is requested to download a file to watch a video. This download has a virus that allows a full takeover of their account. It almost looks like Tagged took a page out of the criminal hackers book using the same ruse, but without the virus or the spoofed site.

The fact is whenever you register for a social networking site you are asked to plug in your credentials and invite your address book. Doing this is not a bad thing, unless the company you are trusting is a bad corporate citizen. That said; don’t provide any website your log in credentials to your web based email account if you don’t believe them to be 100% legit. Further, when you have web based cloud accounts that contain email and also have proprietary documents or files within that account NEVER GIVE THAT DATA TO ANY COMPANY.

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

What Was Scary About Blackhat 2017?

02 August 2017  |  5451 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6065 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  4780 views  |  0 comments | recomends Recommends 0 TagsSecurity

Getting Owned or Pwned SUCKS!

13 June 2017  |  5558 views  |  0 comments | recomends Recommends 0 TagsSecurity

Parents Beware of Finstagram

27 April 2017  |  5063 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
732 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan
Adedeji Olowe