To share or not to share? Secrets behind the popular “share” button

The share button is not as innocent as it seems. You might be animated by the best intentions when you click it and we don’t want to ruin it for you. On the contrary, we want to add one more: sharing is caring for your data, too.

Fact: A data haul of more than 40 million records belonging to ShareThis users was put up for sale on a dark web marketplace in February 2019.

The 2.7 GB of leaked data included unique email addresses, names, usernames, hashed passwords, and additional profile information such as gender, birth date and addresses. Although there were no signs of financial compromise of users, ShareThis did deactivate accounts and prompt customers to change associated passwords so that malicious actors couldn’t access user accounts.

Was your data exposed in the ShareThis breach? Find out now.

Behind the scenes of the “share” industry

Behind every “share” button there is a company (Share This is one of them) that offers this easy-to-use website-integrated tool to publishers so that they can promote content across channels.

When you share a post or an article, the tracking technologies (including cookies) they use help them create a comprehensive view of your interests, likes and dislikes. These companies enrich the ads and tracking ecosystem by creating user profiles to increase customer engagement and target personalized advertisements.

On top of the customizable social sharing tools, ShareThis collects data about how internet users interact with websites, ads and various content – this happens without the user ever creating an account on their platform. Web pages viewed, country of residence, IP addresses, device IDs, time spent on a webpage and information about the user’s browser are just some of the data points collected and analyzed.

What can you do? Read the Privacy Policy, check if you were exposed.

It’s hard to keep track of how your data is gathered or shared with third parties. Taking time to read the privacy policy of websites and platforms you engage with can help paint a clearer picture.

The good news is that no contact data, such as names, addresses, phone numbers, or financial information, is collected on a regular internet user. Also, according to the privacy policy, email addresses of internet users who chose to share content via email are not collected. The platform, though, may obtain hashed email addresses from partners and advertisers – read more here.

However, like any online service providers, once you subscribe or create an account, you willing to provide particular data that make up your profile. Any content publisher or blogger, who creates an account on the website, will need to provide a valid email address and password or choose an alternative login method, which may create additional ripples in the data-gathering process.

The value of user information in data marketplaces is invaluable. As you may know, particular datasets can be easily linked to individuals in real life. While this data may simply enable better ad targeting, you can never know where or how your information is used.

Becoming a privacy-conscious internet user takes time and commitment. As a first step, you can check if and what personally identifiable information has been compromised in a data breach with Bitdefender’s Digital Identity Protection tool.