Default privacy settings for many online gift registries, and the common practice of never deleting them, have created an identity database for fraudsters who can search for names, addresses, parent or maiden names, and more.
A recent article from The Intercept detailed the data collected and default public privacy settings for wedding and baby registries setup with Amazon, who then shares this information with affiliate partners such as The Knot and The Bump.
Wedding registries collect the first and last names of both parties getting married and a mailing address. Baby gift registries also require a mailing address and a first and last name. While most who create gift registries share a link with their friends and family, there are also public registry search tools. By removing wedding or expected delivery dates, or by using browser developer tools, these public registry searches can go back decades.
While seemingly innocuous, these registries could provide key clues for fraudsters trying to take over an account or use stolen identity data. This is especially dangerous for child victims of identity theft, who are often targeted because the crime goes unnoticed for so long. By finding the wedding registry to the parents of this victim child, a fraudster will be able to pass the mother’s maiden question that is common for password reset questions and KBAs.
Here’s the bottomline: When creating a gift registry, be sure to adjust privacy settings so it is not public or searchable, rather you will have to share a link. Second, everyone should delete any old gift registries they no longer need.
For more information: