How dangerous is it to reveal your date of birth, and why?

  • At some point I told a friend that it's dangerous to reveal your birth date (kind of like your social security number or your mother's maiden name), because it's a crucial piece of information for identity theft. However, I'm not sure what exactly an identity thief could do if the only non-public information he had about me was my birth date. (I'd consider my name, and probably my address, to be public here.)

    How and why exactly is revealing your birth date itself dangerous?

    Note that I'm not asking why knowing it in combination with other personal information (e.g. SSN) can be dangerous. I'm asking why even knowing it in isolation is dangerous. What kinds of things could an ID thief do with just with my birth date? Can he, for example, open a bank account? Recover a bank password? Open a credit card? Take a car loan? etc.

    (I'm assuming the country is the United States of America.)

    John Smith, DOB unknown: 3 million candidate records. John Smith, 4/5/1955: 17 candidate records.

    @DeerHunter Those numbers are only representative if you assume people live 483 years on average.

    Revealing your birth date or -day can encourage people to throw surprise parties for you, which can lead to heart attacks and death, among other outcomes (including cake and presents!).

    Asking about knowing birthdate **not** in combination is somewhat disingenuous... the chances are that other information _is_ or _may be_ available, and not protecting all of it (unless really necessary) increases the chance of someone knowing enough to do damage.

    Comments are not for extended discussion; this conversation has been moved to chat.

  • Tim B

    Tim B Correct answer

    6 years ago

    The problem with revealing your birthday isn't the birthday itself, it is that you are giving people one more data point.

    Reveal your birthday on site A, your relatives on site B (which gives for example mother's maiden name), your address on site C...before you know it people are able to pull together a huge amount of compiled information.

    That information can then be used to hack things, either directly using password reset forms, guessing passwords, etc, or indirectly through spear phishing attacks.

    For example a birthday message from an old school friend that arrives on your birthday and comes from their name would be much more convincing than a random email with a link saying "click this".

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM