Identity Theft Made Easy with Facebook
Be careful with social networking sites like Facebook and MySpace. A recent study published in the Proceedings of the National Academy of Sciences proves that a social security number can be guessed based on the individual’s date of birth and birthplace.
Consider, for instance, an attacker who rented a small botnet (10,000 IP addresses) to apply for credit cards impersonating 18-year-old West Virginia-born U.S. residents (whose state and dates of birth he has obtained from commercial databases). Assuming that an IP address gets blacklisted by an online credit card issuer after 3 incorrect attempts, that the criminal distributes his or her attacks across 20 issuers and can find birth data for 50% of the potential targets, and that inquiries with the correct first 7 of 9 digits are sufficient for a CRA to answer with a positive match in 50% of the cases, he could harvest credentials at rates as high as 47 per minute, obtaining ≈ 4,000 credentials within 2 h before his or her IPs are blacklisted…
- A botnet is a group of computers that can be remotely controlled with malicious software. The infected machines are often referred to as zombie computers.
- An IP address is like the home address for a computer on the internet. It is your computer’s identity while surfing, browsing, emailing, instant messaging and doing anything else online.
- CRA, in this instance, stands for Credit Reporting Agency.
So, what have we learned today? With the help of social networking, an identity thief can steal 4,000 social security numbers within 2 hours if he has a small botnet of 10,000 IP addresses. Keep your profiles private.
Source: PNAS via InformationWeek, Image



