January 18, 2012

My email address was shared on Twitter, but who cares?

Elad Sharf, Security Researcher

Websense Security Labs™ has found that thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter.

We conducted research on how data that might be considered private is exposed via Twitter. The research focused on shared data, in particular email addresses, that can potentially be used against the person (or the organization) that shared it. During the research we monitored Twitter over a 24-hour period and found that users were publicly sharing email addresses connected with their inboxes, social media identities, and bank accounts. This leaves them open to advanced ‘social spear phishing’ attacks and spam campaigns.

In social spear phishing, criminals target harvested email addresses using information gleaned from monitoring users’ Twitter conversations. It's recommended that businesses update all acceptable use policies to warn employees of this risk.

Our research found that thousands of email addresses are publicly shared daily via Twitter:

* More than 11,000 email addresses were shared worldwide


[Research data was collected over a 24-hour period in January 2012]


Gmail, Hotmail and many other free web-based email services are particularly under threat, as cybercriminals can harvest social information on individuals via Twitter to break into these accounts.

We realise that sometimes you need to share your email address. Here are some security tips on how to best avoid your shared data potentially being used against you: 

• Use direct messages (DMs) for sending email addresses to contacts on Twitter

• Treat emails from friends linking you to other sites with caution

• Never use passwords that can be inferred from publicly accessible information

• Since email is an often-used route into a company for cybercriminals, ensure your email security has superior malware protection against modern threats
