Get the latest from TODAY

Sign up for our newsletter
 / Updated  / Source: TODAY
By Keith Wagstaff

It doesn't take a cyber-security expect to know that you shouldn't share your email password or Social Security number on Facebook.

Not every risk, however, is that obvious. People share a lot of stuff online — perfect for criminals watching and waiting to break into their accounts.

So what should a cautious Internet user do? We asked experts from top security firms about the things you should never share online.

1. High school mascot

Go fightin' identity thieves! Yes, because "What high school did you go to?" is such a common security question, sharing your mascot can be like giving the bad guys your password -- especially if criminals already know your hometown.

"If you’re asked what high school you attended, then you might be better served picking a rival school instead," Satnam Narang, senior security response manager at Symantec, told TODAY. "That way, even if the true information is available, it won’t allow an attacker to easily reset your password."

2. Favorite movie

Sure, you really, really want the world to know you love "The Big Lebowski." But for your own sake, keep it to yourself.

"Mine is 'Bambi,'" James Lyne, head of global security research at Sophos, told TODAY. "It's a common security question, but one I personally never use for identification purposes."

3. Concert tickets

ZOMG, everyone is going to be so jealous of your Beyonce tickets. You snap a photo, share it on Instagram, and slap a #QueenBey hashtag on it.

The problem? That ticket probably has a barcode on it.

"Whoever gets hold of that barcode is the legal owner of the ticket and may be granted entry if they scan it at the venue," Bogdan “Bob” Botezatu, senior e-threat analyst at Bitdefender, told NBC News.

4. Your new video game

The above advice also goes for freshly purchased video games and software. Many of those boxes contain serial numbers. All a criminal (or unscrupulous friend) has to do is download the program, enter the serial number before you do, and they can void your purchase.

Some people even program bots to search social media for serial numbers, Botezatu said, giving them access to new copies of "Mortal Kombat X" and Adobe Photoshop without having to do any work.

Sharing a photo of your brand-new Xbox One or PlayStation 4 game also lets thieves know what high-tech goodies you have in your house.

5. Revealing (kind of) Instagram photos

For the most part, posting a duck-faced selfie on Instagram is annoying, but not a security risk. Well, not most of the time, anyway.

"Check your Photo Map settings before you publish your photos," Narang said.

The Photo Map feature provides a fun way to look back at all of the cool places you have visited. That is usually done by tagging where a photo is taken.

"If you don’t specify a location, it will use your GPS coordinates as the location of the photo," he said.

That can be a problem if you are snapping pictures at home. To keep your location private, an Instagram spokesperson recommended that users review past photos, switch the "Add to Photo Map" feature off before sharing a picture, or keep their account private.

Of course, even photos that aren't geo-tagged can invite trouble. Sharing vacation snapshots can be fun, but they also tell criminals you aren't at home.