Cybercasing 2.0: You Get What You Pay For
This research highlights a privacy and security problem for individuals in the U.S., as it exposes vulnerabilities in marketing data that could facilitate crimes like burglary, though it is incremental in building on prior work on cybercasing.
The study investigated the misuse of marketing databases for criminal purposes, demonstrating through experiments that these databases can be used to identify individuals likely on vacation and enhance 'bride to be' mailing lists with social media data, concluding that such data poses a security risk.
Under U.S. law, marketing databases exist under almost no legal restrictions concerning accuracy, access, or confidentiality. We explore the possible (mis)use of these databases in a criminal context by conducting two experiments. First, we show how this data can be used for "cybercasing" by using this data to resolve the physical addresses of individuals who are likely to be on vacation. Second, we evaluate the utility of a "bride to be" mailing list augmented with data obtained by searching both Facebook and a bridal registry aggregator. We conclude that marketing data is not necessarily harmless and can represent a fruitful target for criminal misuse.