Please read if you use Facebook

[RoloAddict]

So this week we had a new IT manager start in our department at work. Met him for the first time yesterday.. Today was called into a meeting with him along with other staff. He then proceeded to reveal that he'd taken a look at each of our Facebook profiles the previous evening. What he revealed about mine was shocking . By using my Facebook profile and nothing else but good old Google (he proved this by showing us how he did it) he had managed to find out..

My full address including house number!
My DHs full name
My maiden name
Our wedding date
My Dd's names, dates of birth and the sports club they attend.
My stepdaughters name and the school she attended
That I have a stepson.

Needless to say I was horrified. This man was a virtual stranger. We had no mutual friends and I'd never met him until yesterday. I've obviously changed my privacy settings entirely since then. Before I just assumed they were set so that only friends could view them. Can I PLEASE remind and encourage all of you (plus family and friends) to check your settings throughly. We were lucky this time that the person in question didn't mean us harm but it's been a huge wake up call.

Jeez Bilben you should NEVER email a copy of your passport to ANYONE!!!!! Solicitors and prospective new employers will want to see your passport and will photocopy it when you are visiting them. FB does not need or want it. You've already been had. It's this level of ignorance the IT manager is working to improve.

I think that was a really good idea of the new starter.

It's fine to share whatever you like, so long as you know what you're doing. It's clear OP didn't realise how much of her information was public.

Please don't have your children as your cover photo or profile photo.

Your "top photos" (change in your profile page) are always public. Mine represent me but are non-identifying.

Take the Privacy Checkup. Hide your birthday, phone number, job, email address, etc. Don't fill in optional fields such as religion and political views.

Turn off tagging, or require proactive permission. Decline most tags.

And it doesn't matter what permissions you put on a photo because anyone who can see it can download the full photo straight off FB and use it however they like. Anything you ever write can be screenshotted and Photoshopped.

It's a good reminder.

Actually @TwitterQueen1 they do and have asked for that- see the link: m.facebook.com/help/159096464162185

It's all apparently treated carefully and destroyed.

Personally I don't understand how you could not know that facebooks default setting is for everything to be private. But even without Facebook, it is quite easy to find out information. I tried to track down an estranged family member a few years ago- I knew her year and area of birth, one of her parents names, net name and roughly when she got married. I was able to find her birth certificate, marriage cert, and her kid's birth certain. From that I could find an article about one of her sons who represented his school on a sporting event, his twitter account, the fact his twitter account was followed by a totally private account in the name of his brother, which confirmed he was the right person, and then from that the fact that the 'relatives name' who on LinkedIn worked on the same village as the school was probably the one I was looking for.

Personally I'm much more concerned about the information asked for in things like store cards. But I think the IT manager clearly did something useful for the OP, and it's worth repeating for others- though again, you used to be able to look up everyone's address in the phone book, so I'm not convinced this information is as confidential as people make out.

Sorry- obvs I meant default is for everything to be public.

“DreamyMcDreamy

No, they want my mother's maiden name, not mine.

So if I had a public profile and bandied around my maiden name - if my teen was looking for a job and took the same slack approach to security as I did, it'd be easy to find out the maiden name of his parent - bang.“

But they don’t just have to find out my mother’s maiden name, they have to find out the account details and companies that that security question relates to. They might be able to find out my mums maiden name was smith, but how do they find out my bank is NatWest and my account number is 123456?!

I'd just assumed that FB would be set up with settings to automatically hide stuff like life events (such as wedding day)

I have lots of friends who post 'Out for a meal, married 8 years today!'; photos of their children's birthday parties where you can work out their DOBs; their sports clubs, when they are away on holiday, etc etc. Boggles my mind. Glad you are raising awareness.

Ah, thanks Giraffe. I stand corrected :)

My address and mother's maiden name are not even included in my Facebook profile, you include the information you want included in your Facebook information. And I check regularly to make sure there's very little that's public.

I'm ultra careful, as my DDs are adopted and I don't want their birth family to be able to do a search for them.

My husband has ancestry and findmypast accounts and you can find out lots of useful information on those websites. He was able to find someone I'd been at school with, find her married name and then I was able to find her on FB. At the moment it's still easier for women to "hide" from school"friends" because they usually still change their surnames when they get married. The same does not tend to apply to men.

Anwyay I just looked at my profile as a non-friend would see it. Interesting that when you change the cover photos they are public and so are the comments by friends. And so are the tags. So someone can see on one photo who I am married to as my DH is tagged (at least you can assume he's my husband, could be a brother I suppose) and it would be an easy job to go to a website, look up our names and find out where and when we got married. One step towards identity theft. Time to look at the settings again!

Facebook is dangerous if not used correctly but some people are beyond stupid so what can you do .

We are currently advertising a house to rent , I’ve been able to weed out several unsuitable tenants just by having their name.

I'm stunned that FB have the audacity to ask for passports, no way would I send them my passport! It's just Facebook!

Unless you work for MI5, why is this your employer's business and why is he wasting time holding meetings about it?

I have to say when I see someone with an open profile on FB, I already think they might not be the sharpest, even without looking what's on there. If I was a potential employer I would be off by someone with an open profile regardless of what was on it because I would question their judgement. If you have a business to promote then have a separate page for that.

Still don't see how this came under the remit of the IT managers role of the Ops place of work though. They are all already employed there anyway!

If some pisher decided to make an example of me in front of my work colleagues I'd be extremely unimpressed.

He didn't - he gave the info gathered to individuals privately. However if you post stuff in public you are in no position to complain when people repeat it.

Where does it say it was done privately?

Today was called into a meeting with him along with other staff. He then proceeded to reveal that he'd taken a look at each of our Facebook profiles the previous evening. What he revealed about mine was shocking

OP at 00:57:01
He didn't reveal all in front of us. Just gave us each an individual envelope with a piece of paper with the information on.

Once during a hiring process DH idly googled some of the candidates he'd interviewed that day. One of them had a very public FB profile. It was clearly him: photos all matched, and ...

... and oh he had a status about how the interview had gone, how he was going to walk it etc etc. It was for a job in a field where security is hugely important.

Not shortlisted, put it that way.

Slightly off topic, but when MN was hacked and someone posted a list of all the user names and passwords online there were loads of passwords like password and mumsnet. It’s shocking really.

Fair enough, he gave them envelopes. Not sure why calling everyone into a meeting together was necessary then? Couldn't he have emailed people and then said if you are interested come and see me for an envelope.

I don't know, it just all seems a bit show boaty to me?

My son's office ( in investment) had a talk from their cyber security contractor. Freaked them out over how quickly he could break passwords - and his audience were all very IT and coding literate.

I have a friend who blithely announced that she has the same password for everything ( and her email is a real.name@ISP one) I had to lead her through why that was a bad idea.

He sounds very sensible angd clearly has helped you better protect your children and family.

He sounds very sensible angd clearly has helped you better protect your children and family.

Again don't understand how 'helping you better protect your children and family' comes under his role as IT manager at OPs company? Yes, it's good information to know. Is it this guys job to ensure the OP has this information?

Slightly off topic, but when MN was hacked and someone posted a list of all the user names and passwords online there were loads of passwords like password and mumsnet. It’s shocking really.

Yes, though it was far more shocking that the passwords existed unhashed.

But I think it’s a bit off that an IT person rifled through people’s history without their permission.

See, this thinking is completely skewed. Without their permission?! Publishing personal information, posting photos of your holiday/you/your kids/your fallings out with your neighbour/bust up with your DP etc YOU YOURSELF are giving the whole world permission to go gawping and riffling through your stuff!
OP was lucky she got to find out through someone with no sinister intentions and just an IT Manager.
Honestly, some people are clueless if they think "oh heck, they haven't got permission, how dare they!"
Don't put things out into a public, international website then! It's just like going and posting your life on a massive bill board in the middle of town and then crying when someone dares to look at it as they weren't supposed to.

This is why I have a second Facebook profile which I use to check my main one. Nothing shows up on mine.