The New York Times often takes an analytical look at trends, and when the NYT speaks, the country listens. The subject of today’s analysis: the recent popular “10 concerts” post train on Facebook.

The premise is simple: users post 10 concerts—nine of which they have attended, one of which is a lie. It seems innocuous enough. But the Times is reporting that engaging in this trend could pose a threat to your online security.

Does this sound like they’re taking it way too seriously? Maybe. But the case holds some weight when you consider the following: “Privacy experts cautioned it could reveal too much about a person’s background and preferences and sounds like a security question—name the first concert you attended—that you might be asked on a banking, brokerage or similar website to verify your identity,” according to the report.

In other words, if you have this as a security question, and you continue the Facebook trend, you might get hacked and lose all your money.

Michael Kaiser, executive director of the National Cyber Security Alliance, added another point: the list could reveal personal information that target marketers will use to reach you with their products. Pretty creepy.

“You are expressing things about you, maybe in more subtle ways than you might think,” Kaiser said.

The experts interviewed by the Times recommended being hyper-vigilant and maybe even a little paranoid.

“People always have to have their eyes wide open when they’re on the internet,” Kaiser said. “It’s the way of the world.”

This might be an overreaction, for sure—it might sound a lot like your mom lecturing you—but at least it’s something to consider before posting about those 2 Chainz and Drake concerts you hit up last year. The more you know.