Yes, in fact, during my days of red teaming, if I couldn't get info on an HVT (think celebrity), I'd go after their not-famous relatives[1] and friends, who generally had very bad opsec/persec. It was extremely effective.
1. An effective tactic is to friend relatives and friends on social media. From there, you either get to the HVT's data because it's set to viewable for "friend of friend" or you be patient, friend more of their friends and family and eventually friend the HVT directly, using your "connections" as social proof.
A very famous celebrity family was very susceptible to this tactic. After this project, they... tidied up their social media permissions.
1. An effective tactic is to friend relatives and friends on social media. From there, you either get to the HVT's data because it's set to viewable for "friend of friend" or you be patient, friend more of their friends and family and eventually friend the HVT directly, using your "connections" as social proof.
A very famous celebrity family was very susceptible to this tactic. After this project, they... tidied up their social media permissions.