Social media and dating sites can be loaded with people looking to misuse your personal information. They can also be a great source for attackers to gather information about you to attack your other services (banking, email, etc.).
Recent news shows that data from 117 million accounts compromised in the 2012 LinkedIn breach was being sold, far worse than the 6.5 million accounts originally thought. The Myspace breach, occurring one year later in 2013, is reported to be one of the largest password leaks, with 427 million passwords stolen. Other breaches include 65 million Tumblr accounts, 6 million Facebook accounts, and 250,000 Twitter accounts, all occurring in 2013. Why is this only now becoming news? Much of this data has recently been made available for sale, stirring up commotion in the social media world. Even Facebook founder Mark Zuckerberg reported having his Twitter, Pinterest, and LinkedIn accounts hijacked, likely using the data that recently became available from the 2012 LinkedIn breach.
Why do Attackers Target Social Media?
Social media users post a large amount of personal information on their accounts, and often don’t follow proper security protocols. Everything from first and last names and where they live to pet names, past employment, and their favorite yearly vacation spot is available on profiles. This gives an attacker a wealth of information to work with. Additionally, social media users are often more than willing to connect with people they don’t know, allowing the attacker to continuously infiltrate accounts.
Social media has become one of the most popular ways to share and stay in touch with friends, family, and fans. In fact, research shows that 76% of online adults use social media networking websites. That’s over 2.2 billion people worldwide with accounts on popular websites like Facebook, Twitter, and LinkedIn. With such a large target, it’s no surprise attackers look to hack social media accounts.
How Can I Protect Myself?
Social media users must understand the value of information posted to their accounts. A public account completely filled out will allow anyone to see personal information and potentially use it against them. In less than 15 minutes, a hacker could find out your full name, where you live, where you’ve worked, your closest friends, birthday, phone number, and email address. With a little more digging, they can determine your favorite sports teams, pet names, hobbies, and more. Since many passwords incorporate personal information, hacking an account becomes easier.
Luckily, there are several ways you can protect yourself from an attack.
- Use a secure passphrase. A secure passphrase is different than a standard password. Passphrases are typically longer than passwords and contain multiple words or strings of characters that create a phrase. Your passphrase should contain at least 16 characters, including numbers, symbols, uppercase, and lowercase letters. Don’t use personal information such as a birthday or pet’s name. Don’t reuse your passwords either, and change them often just in case. Learn more about creating a secure password and using a password manager.
- Enable 2FA across all available sites. Two-factor authentication (2FA) is an additional layer of security used when logging into accounts. A website will send the user a security token, usually through a phone, that needs to be entered in order to access the account. Social media websites including Facebook, LinkedIn, Google+, Snapchat, Tumblr, and Twitter all support 2FA. To find out how to enable 2FA, check out your security settings within the account. Wondering if your other favorite websites support 2FA? Check out https://twofactorauth.org/.
- Limit the information you provide and who it’s provided to. There are many fake accounts out there looking to gain information on you. Be careful who you connect with, and make sure it’s someone you know and trust. Be mindful of the data you post as well. You may not only be giving away information about yourself, but others you connect with. Lastly, make sure your profiles are set to private. Limiting who can see your information can greatly reduce the chances of someone using information against you.
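The passphrase rules in the list above (at least 16 characters, all four character types, no personal information, no reuse) can be checked mechanically against what a public profile reveals. This is an added example, not part of the original article; the profile fields, sample values and function names are constructed for illustration.

```python
import re
from itertools import permutations

MIN_LENGTH = 16  # minimum length recommended in the article

# Character classes the article asks for.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"\d",
    "symbol": r"[^\w\s]|_",
}

def fold(text):
    """Lowercase and undo common look-alike swaps, so 'R3x' still reads as 'rex'."""
    return text.lower().translate(str.maketrans("013457@$!", "oieastasi"))

def personal_tokens(profile):
    """Collect the words and date fragments visible on a public profile."""
    words, digits = set(), set()
    for value in profile.values():
        words.update(fold(w) for w in re.findall(r"[^\W\d_]{3,}", value))
        nums = re.findall(r"\d+", value)
        digits.update(n for n in nums if len(n) >= 4)
        # Joined date parts such as month+day ("0714") or day+month ("1407").
        digits.update(a + b for a, b in permutations(nums, 2) if len(a + b) >= 4)
    return words, digits

def check_passphrase(passphrase, profile, previously_used=()):
    """Return a list of problems; an empty list means the advice is satisfied."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, passphrase):
            problems.append(f"missing {name}")
    words, digits = personal_tokens(profile)
    folded = fold(passphrase)
    only_digits = re.sub(r"\D", "", passphrase)
    problems += [f"contains profile detail '{w}'" for w in sorted(words) if w in folded]
    problems += [f"contains date fragment '{d}'" for d in sorted(digits) if d in only_digits]
    if passphrase in previously_used:
        problems.append("reused from another account")
    return problems

# Constructed sample profile (not real data).
PROFILE = {"pet": "Rex", "birthday": "1990-07-14", "team": "Falcons", "city": "Denver"}

if __name__ == "__main__":
    for candidate in ("R3x!Denver0714", "copper-Lantern 42 drifts; quietly"):
        print(candidate, "->", check_passphrase(candidate, PROFILE) or "ok")
```

Swapping letters for look-alike digits or symbols does not hide a pet name or city from this check, which is why the first sample is still flagged.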
What Happens If My Account Has Been Hacked?
If you have any doubts, there are several websites out there such as haveibeenpwned.com that can help determine whether your accounts have been compromised. If any of your social media accounts have been compromised, you should:
- First, change your password immediately. Make sure to change it to a strong passphrase. If you used this password or a variation of this password elsewhere (which you shouldn't do!), change it there as well.
- Alert your followers. You may not want to admit your account has been compromised, but you can save others from being victimized by alerting them not to click on any links in your posts or trust any activity that's coming from your account.
- Look at the applications page of your social media account. Remove any apps you don’t recognize or don't use. If the account continues to behave erratically, revoke access to all applications. Many times, bugs within these applications provide vulnerabilities allowing hackers to access your account.
- Contact support if needed. If you're having problems regaining access to your account or continue to have issues with fraudulent posts, support can provide you with the appropriate next steps.