Social Security Numbers Easily Hacked Using Public Data

July 7, 2009

(ChattahBox)—A group of computer scientists from Carnegie Mellon University have turned the notion of private, protected social security numbers on its head, with their newly published study showing how easily hackers can guess a person’s nine-digit social security number using public information.

The team of scientists discovered that armed with a couple of nuggets of seemingly innocuous information, such as a person’s birth date and hometown, determined hackers can guess a person’s social security number, verify it online using a process called tumbling and then proceed to engage in large-scale identity theft.

The scientists found that people born after 1988 in small towns are most at risk, because of the less secure method of assigning the identification numbers at birth.

The computer scientists first studied the data contained in certain public records called a “Death Master File,” which contains social security numbers and birth information for people who have died. They ran the data through computer models and quickly discovered a pattern in the way the numbers were assigned.

From there, it was a simple matter to accurately guess a large percentage of social security numbers. With just two guessing attempts, the researchers correctly guessed the first five digits of social security numbers for 60 percent of deceased Americans born between 1989 and 2003.

With fewer than 1,000 attempts, they could identify the entire nine digits for 8.5 percent of the group.

The scientists then developed an algorithm from their research using the Death Master File and quickly went to work guessing people’s social security numbers, by mining for people’s birth dates and hometowns posted on a social networking site.

Their methods were confirmed, as they were able to accurately guess social security numbers at a high rate, armed with those two pieces of personal information.

The big takeaway from this study, is don’t reveal any personal details online, as seemingly innocuous information like your birth date and hometown can lead to identity theft.

The scientists are also advising the government to stop using social security numbers as a means of verification, because they are too easily hacked, giving criminals the key to the kingdom with just a nine-digit number.

The entire study is available in the journal Proceedings of the National Academy of Sciences.



One Response to “Social Security Numbers Easily Hacked Using Public Data”

  1. Social Security Numbers Easily Hacked Using Public Data … on July 7th, 2009 11:57 am

    […] See the original post: Social Security Numbers Easily Hacked Using Public Data … […]

Got something to say? **Please Note** - Comments may be edited for clarity or obscenity, and all comments are published at the discretion of - Comments are the opinions of the individuals leaving them, and not of or its partners. - Please do not spam or submit comments that use copyright materials, hearsay or are based on reports where the supposed fact or quote is not a matter of public knowledge are also not permitted.