An alluring game on Facebook is coming under intense scrutiny—even though its original intent seems pretty harmless. People are posting lists of the top 10 concerts they've ever attended, including one that they actually didn't attend, to compare and see who can spot the lie.
But Facebook users could be unwittingly publishing information that hackers can use to answer online security questions—the first concert you ever attended is a frequent such prompt—and then access accounts and passwords, reports the BBC.
"I wouldn't do it," one professor warns. "Think very carefully about what you are putting into the public domain." A cybersecurity expert says that the problem isn't so much the game, but "rather that somebody thinks it is a good idea to use questions like that as security credentials." It's far from the only con in the works: CBS News reports that Facebook is dealing with a fake Mother's Day coupon scheme, and experts are warning Gmail users about a phishing scam so convincing that unwitting IT experts have forked over their passwords, reports the Sun.
While it's unclear whether the top 10 concert list was concocted by criminals, "they are not stupid and they will see the potential in it," the professor says.
For now, those who really want to play the concert game are advised to change their privacy settings to "friends only." (It turns out the tilt of your phone could make you vulnerable to hackers.)
This article originally appeared on Newser: Experts Issue Warning on Facebook Concert Craze.