Yes, usernames can be cracked

A team of French security researchers are warning that cyber-criminals may soon be able to determine the identity of an individual simply by cracking his or her username.

Indeed, according to Daniele Perito at the National Institute for Computing and Automation Research, multiple names spawned by a single individual tend to be extremely similar.

To prove his theory, Perito used a statistics-based utility to analyze approximately 10 million usernames from across Google, eBay and MySpace.

As expected, a distinct naming pattern was positively identified.

The researchers then developed a method for cross-referencing usernames across various sites, and eventually, successfully mapped multiple names to a single physical user. 

“The tool can find linked usernames 50 per cent of the time with almost absolute accuracy,” explained Perito.

“But users tend to choose and change their usernames in predictable ways, and they tend to have a small set of distinct usernames.”

Of course, the above-mentioned technique could be replicated and exploited by nefarious scammers to create a detailed profile of Internet surfers, what they buy and which sites they visit.

This would help cyber-criminals deploy targeted spamming and phishing attacks. For example, cross-referencing eBay usernames with Google email accounts could facilitate pinpoint phishing campaigns.

“It’s [certainly] interesting research. If these techniques were extended, then far more sophisticated profiles could be created,” Symantec rep Patrick Fitzgerald told the New Scientist.

“But the ultimate risk is the information that people freely give away…People need to think about the consequences of sharing their lives on the internet.”


You can check out how unique your usernames are here.

(Via New Scientist)