It doesn't take a cyber-security expect to know that you shouldn't share your email password or Social Security number on Facebook.

Not every risk, however, is that obvious. People share a lot of stuff online - perfect for criminals watching and waiting to break into their accounts.  So what should a cautious Internet user do? We asked experts from top security firms about the things you should never share online.

1. High school mascot

Go fightin' identity thieves! Yes, because "What high school did you go to?" is such a common security question, sharing your mascot can be like giving the bad guys your password -- especially if criminals already know your hometown.

"If you're asked what high school you attended, then you might be better served picking a rival school instead," Satnam Narang, senior security response manager at Symantec, told TODAY. "That way, even if the true information is available, it won't allow an attacker to easily reset your password."

2. Favorite movie

Sure, you really, really want the world to know you love "The Big Lebowski." But for your own sake, keep it to yourself.

"Mine is 'Bambi,'" James Lyne, head of global security research at Sophos, told TODAY. "It's a common security question, but one I personally never use for identification purposes."

3. Concert tickets

ZOMG, everyone is going to be so jealous of your Beyonce tickets. You snap a photo, share it on Instagram, and slap a #QueenBey hashtag on it.

The problem? That ticket probably has a barcode on it.

"Whoever gets hold of that barcode is the legal owner of the ticket and may be granted entry if they scan it at the venue," Bogdan "Bob" Botezatu, senior e-threat analyst at Bitdefender, told NBC News.

4. Your new video game

The above advice also goes for freshly purchased video games and software. Many of those boxes contain serial numbers. All a criminal (or unscrupulous friend) has to do is download the program, enter the serial number before you do, and they can void your purchase.

By Keith Wagstaff for