Social Experiment Reveals That 78% of People Are Willing to Give away Their Personal Data for a Cup of Coffee
Cybersecurity company Surfshark organised a social experiment at a Manhattan cafe, showcasing people’s level of awareness on data privacy. During the one-day event titled “Food for Data,” cafe visitors were presented with a menu of drinks and snacks, but instead of regular dollar prices, customers were asked to provide personal data. For instance, a cappuccino cost your full name, and a flat white cost your email address. The social experiment revealed that 78% of cafe visitors were willing to give away their personal data for something as minor as a cup of coffee.
"Surfshark’s cafe experiment highlights the real price tag behind ‘free’ products or services: our personal data. Just as patrons exchanged their information for a cup of coffee, online users often give up their data without much thought. But once you put your data out there, its fate is uncertain — it could fall into the wrong hands and be exploited without your knowledge. Surfshark’s research shows that in the past 20 years, over 3 billion US email addresses have been leaked, opening people up to all sorts of dangerous cybercrimes, from identity theft to carefully crafted phishing schemes. We want to encourage people to protect their data vigilantly to avoid these risks", said Vytautas Kaziukonis, Surfshark’s founder and CEO.
Surfshark has been vocal about data breaches for years — their Data Breach Map reveals that:
- The US already had 90.4 million leaked email addresses in the first quarter of 2024, adding up to 3 billion leaked accounts in the past 20 years.
- The US is the number one country globally in data breaches, highlighting the country’s urgent need for heightened cybersecurity measures.
- North America is the second most breached continent in the world, accounting for 20% of the breaches (3.5B).
- Globally, 17 billion accounts have been breached since 2004.
Surfshark’s cybersecurity lead Aleksandr Valentij explains in more detail the risks users face when they overshare their personal data:
“First off, oversharing your data can lead to increased spam. But that’s just the tip of the iceberg. If your data ends up leaked on the dark web, you’re at risk of:
- Phishing — you might receive emails or chat messages that appear to come from trusted sources but that are actually from hackers trying to extract your sensitive data or to get you to click on a malicious link or attached file. These are mass campaigns targeted at many people at once.
- Spear phishing — a targeted scam that’s specifically tailored for you based on the hacker’s extensive knowledge about you. Hackers could use information obtained from data breaches, like your job title or school affiliation, to make the phishing emails seem more convincing.
- Identity theft — with enough of your leaked information, hackers might be able to steal your identity, potentially resulting in financial fraud and damage to your credit score. They may also conduct Illegal or unethical activities using your identity, which may tarnish your personal and professional reputation.
- Cyberstalking — criminals may exploit leaked data, such as names, usernames, gamertags, home addresses, or phone numbers, to harass, intimidate, or even physically harm individuals through online or offline means.
- Takeover of your online accounts — overshared data may be used to hijack your online accounts, as it may help to bypass security questions or generate custom dictionaries for more effective password cracking attacks. Also, this data may be used to locate your other valuable online assets.
To protect yourself from these risks, be vigilant before sharing your data, especially data as sensitive as your home address or phone number. It’s always better to err on the side of caution.”, Aleksandr stated.
Disclaimer: no data was actually collected during the event. As a cybersecurity company, Surfshark takes user privacy very seriously (this is reflected in the no-logs policy).
