Researchers crack Social Security number code

Two researchers at Carnegie Mellon University have formulated a method to predict a Social Security number with little more than the individual's date and place of birth.

The researchers said that the findings could pose serious threats to the use of Social Security numbers to protect personal data, and could increase the risk of identity theft.

The Social Security office has been assigning a nine-digit number to each US citizen since the 1930s. The numbers are often used by financial and health institutions to verify identity.

This 70 year-old system has become "obsolete" for use in authentication practices, such as passwords or access codes, according to the researchers.

Key to the study was the Social Security office's public 'death file' database, which is used to track the Social Security numbers of the deceased in order to prevent fraud and identity theft using those numbers.

By analysing the death database along with other statistical information, the researchers were able to construct a method by which an individual's birth date and state of birth could be used to guess the person's number with "great accuracy".

"In a world of wired consumers, it is possible to combine information from multiple sources to infer data that is more personal and sensitive than any single piece of original information alone," said researcher Alessandro Acquisti.

"Given the inherent vulnerability of Social Security numbers, it is time to stop using them for verifying identities, and redirect our efforts towards implementing secure, privacy-preserving authentication methods."