In this paper, de-anonymizing internet users by actively querying their group memberships in social networks is considered. An anonymous victim visits the attacker's website, and the attacker uses the victim's browser history to query her social media activity for the purpose of de-anonymization using the minimum number of queries. A stochastic model of the problem is considered where the attacker has partial prior knowledge of the group membership graph and receives noisy responses to its real-time queries. The victim's identity is assumed to be chosen randomly based on a given distribution which models the users' risk of visiting the malicious website. A de-anonymization algorithm is proposed which operates based on information thresholds and its performance both in the finite and asymptotically large social network regimes is analyzed. Furthermore, a converse result is provided which proves the optimality of the proposed attack strategy.