Not just ‘friends’ check in on Facebook
The bedroom door creaked open. Nancy Ryan saw her husband entering. Only it wasn't her husband.
"I yelled, 'What?!' " Ryan recalls.
The intruder doubled back and shut the door. Two sets of footsteps scampered down the stairs.
This was back in January, when Ryan's Facebook account still bore the status she typed two days earlier: "Vacation!"
"What I meant was that I was gonna have a week off from the show," says Ryan, a comic who performs nightly in "X Burlesque" at the Flamingo Las Vegas.
Purchasing something online with a credit card almost always raises the caution flag. Yet rarely is a second thought given to posting social networking updates that could do worlds more harm.
"It's really hard to say whether it's related to Facebook," Ryan says of the break-in, although she says a police officer assessed the possibility as "strong."
Once Ryan was safe, she and her husband -- who had been sleeping in another room -- discovered all the missing items.
"You're giving people easier ways to break into your e-mail, your bank account and your home," says Internet security expert Thomas Ryan.
The co-founder of New Jersey-based Provide Security, Ryan claims that -- using sophisticated but readily available software -- he can track anyone's nearly every move on the Web using three of the most common pieces of information posted to Facebook: a name, a mobile number and an e-mail address.
"It can lead to complete identity theft," he says, "or much worse."
Ryan made headlines last year by creating a fictional femme fatale who connected with hundreds of government higher-ups on Facebook, LinkedIn and Twitter. These included the chief of staff for a U.S. congressman, a Marine Corps intelligence official and several senior executives at defense contractors. (Ryan revealed details of the ruse at the BlackHat technical security conference at Caesars Palace in July.)
"I was able to find out where they lived, when they were home, and identify photos of their entire family," Ryan said. "So, if I was the bad guy ... "
The R-J didn't even have to stray outside the crew of the same exotic dance show to find another cautionary Facebook posting tale. "X Burlesque" producer Angela Stabile checked her Facebook wall one night last year from her phone and noticed a cool new feature. "Check in" allows users to broadcast their presence at select locations.
Ten minutes after Stabile checked in at the bar Sierra Gold, in walked a man she dated six years earlier.
It was not a happy reunion. According to Stabile, he stalked her for months after she broke it off.
"I was like, 'What?' " Stabile says. "I'm not even friends with him on Facebook!"
Yes, but Stabile was friends with the man's sister.
"She either told him or he saw it on her computer or something," she guesses.
Stabile promptly exited Sierra Gold and has not used the "check in" feature again.
Since her burglary, Nancy Ryan has taken more drastic protective measures.
"We moved, and I hardly post on Facebook anymore," she says.
Ryan also deleted 1,000 of her 2,000 Facebook friends.
"Everyone I didn't know," she says.
Contact reporter Corey Levitan at clevitan@ reviewjournal.com or 702-383-0456.
SAFE FACE
Here are Facebook security tips from Internet safety expert Thomas Ryan
1. Never reveal your location in an update or comment, or by "checking in" via the Facebook mobile application.
2. Block your cell phone from knowing where it is. (On the iPhone, for example, go to "settings," then "general," and turn off "location services.") This way, it won't ever secretly reveal your location. (For instance, when you upload a photo, your phone may, by default, encode that photo with the latitude and longitude of where it was taken.) Reactivate location services only when GPS or mapping applications are more beneficial than privacy.
3. Switch privacy settings for all Facebook info to "friends only," indicating who is allowed to view it. (Some default to "everyone.")
4. List only a work phone number and work address.
5. Don't tag/identify anyone as a family member. ("What if the security question with your bank is your mother's maiden name," Ryan asks, "and your mother is listed on your Facebook account with her maiden name?")
6. Don't friend strangers. (If you must for business, then place them into a previously established friend category blocked from viewing all sensitive information.)
7. Don't subscribe to any Facebook game or third-party app. ("Some of them gather your information illegitimately," Ryan says. "Not all of them, but you can't tell which.")
