Windscribe CEO Exposes How Harmless Facebook Quizzes Hand Bank Access to Strangers

Windscribe CEO Yegor Sak warns that popular Facebook quizzes harvest exact answers to bank security questions like mother's maiden name and first pet. Users unwittingly provide data for account takeovers. Experts urge lying on security questions and avoiding these prompts entirely. The threat persists despite years of alerts from regulators and security firms.
Written by Dave Ritchie

Yegor Sak has seen enough. The founder and CEO of Windscribe, the VPN provider known for its no-logs stance and open-source tools, delivered a blunt assessment this week. Those viral Facebook quizzes promising to reveal your spirit animal or 90s alter ego aren’t innocent diversions. They function as sophisticated data traps designed to collect answers that directly unlock financial accounts.

Sak’s warning lands with particular force. Banks and brokerages still rely heavily on knowledge-based authentication. Mother’s maiden name. Name of first pet. Street where you grew up. These details, once shared publicly or semi-publicly, become permanent liabilities. A leaked password can be reset. Childhood memories cannot.

“If a stranger walked up to you on the street and asked for your mother’s maiden name, your first pet, and the street you grew up on, you’d walk away,” Sak told TechRadar. “Wrap those same questions inside a ‘Which 90s sitcom character are you?’ quiz, and people happily type the answers into a database owned by someone they’ll never meet.”

The psychology proves devastatingly effective. One formulation triggers suspicion. The other sparks laughter and participation. Same information requested. Completely different emotional response. That difference creates the opening attackers exploit.

Sak calls each completed quiz “a credential reset form for a stranger.” Short. Direct. And accurate. The quizzes don’t need malware or sophisticated exploits. Users volunteer the data themselves, often tagging friends and amplifying the collection effort. One post can yield hundreds of responses within hours.

This pattern isn’t new. A 2020 investigation by the UK’s Information Commissioner’s Office revealed that personality-style apps on social platforms had harvested information from tens of millions of users, many unaware their details were being gathered and stored. The ICO report documented widespread data collection practices that operated in legal gray areas.

Yet the practice continues. And recent coverage shows the message still hasn’t fully landed with the public. The same TechRadar article published today, June 22, 2026, by Rene Millman highlights how these prompts mirror security questions with eerie precision. First car. First school. Favorite teacher. Collect four or five in a single quiz and the profile becomes detailed enough for targeted account takeover attempts.

Federal regulators have issued similar alerts before. The Federal Trade Commission cautioned consumers in 2023 that scammers use quiz answers to reset accounts and drain funds. “They use your quiz answers to try and reset your accounts, letting them steal your bank and other account information,” the agency stated in its consumer alert. Some operators even hijack legitimate social media accounts to spread the quizzes further, creating chains of compromised profiles.

The Better Business Bureau has echoed these concerns repeatedly over the years. Its guidance remains straightforward: treat every such request with skepticism. Even seemingly benign participation can feed databases used for identity theft or social engineering campaigns against family members and colleagues.

Sak pushes a more aggressive defense. Lie. Deliberately. Consistently. If security questions have already been compromised through past quizzes, users should immediately update them across banking, email, and investment platforms. Replace real answers with fictional ones. Treat those fields like secondary passwords. Remember them or store them securely. But never tie them to verifiable personal history.

“The data is gone,” Sak concluded in the TechRadar interview. “The only thing left to do is change your security answers everywhere, and stop using questions whose answers exist on the internet.”

His recommendation carries extra weight coming from a VPN executive who has built a business around protecting user privacy. Windscribe has faced its own scrutiny over the years, including past server seizures and audits of its no-logs claims. Yet the company maintains a reputation for transparency, publishing transparency reports and undergoing independent reviews.

The broader issue touches on how social platforms incentivize sharing. Facebook’s algorithm rewards engagement. Quizzes generate comments, shares, and time on site. The platform benefits. Third-party developers or attackers benefit. Users bear the risk, often without realizing the downstream consequences for their financial security.

Password managers help with complex credentials. Multi-factor authentication adds a layer. But knowledge-based questions persist as a weak link precisely because they feel personal and permanent. Once exposed, they undermine those other protections.

Financial institutions bear responsibility too. Many still default to these outdated verification methods despite known vulnerabilities. Security experts have advocated for years that banks phase them out in favor of stronger biometric or hardware-based alternatives. Progress has been slow.

Meanwhile, the quizzes evolve. New versions appear daily, often disguised as friendship tests or pop culture matchmakers. They ask for just enough detail to seem fun while gathering the precise data points needed for account recovery flows. And users keep answering. Millions have done so over the past decade, creating a vast reservoir of harvested personal information.

Sak’s timing feels deliberate. With growing awareness around data privacy and increasing regulatory pressure on technology firms, highlighting this particular vector forces attention on a threat that feels too trivial for many to take seriously. Until their bank account gets drained. Or their email gets hijacked. Or their identity gets used to open new lines of credit.

The solution he proposes requires discipline. Review every account that uses personal knowledge questions. Replace the answers with nonsense phrases or random strings that you document privately. Avoid any quiz that requests combinations of names and memories. And recognize that once shared, that information cannot be taken back.

Simple steps. Yet they run counter to human nature. People enjoy these quizzes. They spark conversations with old friends. They provide momentary entertainment in otherwise routine scrolling sessions. That appeal is exactly why the tactic works so well.

Industry observers note that social media companies could do more to flag or limit these apps. Past scandals involving quiz developers, including the Cambridge Analytica episode, led to some policy changes. But enforcement remains inconsistent, and new operators emerge constantly.

For now, the burden falls on individuals. Sak’s message cuts through the noise. Stop treating these prompts as games. Start viewing them as potential vectors for financial compromise. The gap between perception and reality has already cost people their savings. It doesn’t have to continue.

Banks could accelerate the shift away from static knowledge questions. Regulators could demand stricter oversight of apps that collect personal memory data. Social platforms could improve detection of suspicious quiz patterns. All those changes would help. But until they arrive, users must protect themselves with vigilance and, when necessary, strategic deception.

The next time a friend shares a link asking for your stripper name or Hogwarts house, pause. Consider what those answers might reveal to someone building a profile for account takeover. Then close the tab. The laugh isn’t worth the exposure.
