The last couple of years have witnessed far too many companies reporting data breaches due to unforeseen circumstances. In most of these scenarios, user data is stolen and used as ransom to extort money from their victims. The data stolen usually includes email addresses, usernames, passwords, and in extreme cases, driver’s licences, banks statements and the like. Social media has not been ignored in this regard and it is one of the many targeted technologies today.
Why social media one may ask? Isn’t it just site with random posts, funny memes and a way for people to connect with each other? Yes, indeed it is, and that’s exactly why social media has become such a big target for criminals. For many people, social media has become an integral resource for both personal and business use. With companies like Facebook (2.2bn users), WhatsApp (1.5bn users), Instagram (1bn users), Twitter (330mn users) and LinkedIn (294mn users), the industry is almost too big to fail. The user base is also extremely diverse and includes politicians, celebrities, CEOs and even pets. All this information is like honey for the hackers.
Monstrous databases have been exposed and stolen from social media companies through multiple breaches. From 2013 to 2019 Facebook reportedly had over 590M records stolen, LinkedIn had 8M records accidently posted on the web, Twitter had 32M passwords hacked in 2016 and in May 2018 advised all 330 million users of a password bug. We’ve also seen the media company owners taken to court to answer for their lack of security and privacy which allowed the data to be breached in the first place. However, this does not eliminate the issue of accounts being used maliciously, as in the case of fake posts. This is especially true for those users with large followings and/or who hold positions of power in the world. Popular politicians and businessmen seem to be targeted specifically because of their influence in their respective fields of expertise and industry. Local South African politicians have recently claimed to have been victims of Twitter hacks due to a fake tweets supposedly posted by them.
Whether these tweets are intentional or not is not up for debate. The issue at hand is that account security is not usually at the top of most people’s priority lists. The vast majority of individuals don’t like changing their passwords regularly or having multiple, hard-to-remember passwords. And the chances of a user’s Twitter password being the same as their Facebook, Instagram, Google, laptop, or even their online banking accounts is usually very high. To make matters worse, some users set passwords that are too easy to crack or even guess. With some information about the user, most others could make educated guesses as to what the password could be as people often base their passwords on pet names, a date of birth, their spouse’s name, or even their favourite food. And then there are those who set passwords like ‘admin’, ‘password’, or ‘1234’, etc. due to a lack of concern for security and privacy. Of the 330 million users on Twitter, it’s clear that at least 32 million of them fall into this category.
With so many reports and access to news and information at everyone’s fingertips, one can’t put all the blame on social media companies. Account forgery or fake posts get reported daily due to the lack of action by users. We all need to ask ourselves a few questions about our own account security and privacy, including:
- Have I read the privacy statement when signing up for any accounts?
- How easy is my password and/or username to guess?
- What other accounts use the same details?
- How often do I change my password if at all?
- How private is my account?
- What information is publicly visible when Googling my name?
- What information about myself am I sharing publicly when making posts?
- What action have I taken when an account security alert is received?
These are all valid questions to ask oneself. One breached password could spell disaster for multiple accounts. Account privacy should be a larger concern than it is currently as all reputable social media platforms offer settings to limit or completely privatise accounts. In many cases, users sign up for an account and leave the security and privacy settings as the default setting. The default options are the least secure and usually the easiest way to allow an account to be hacked.
Ideally one should take some time to search one’s personal details online (name, surname and email address) on Google.com (free) from a pc or laptop with none of your personal accounts logged in to see what information is publicly visible. Another great website to check is Haveibeenpwned.com which checks whether personal accounts have been breached and which databases they appear in. Many will be surprised to see how much information one can discover just by running basic searches. If no concerning information is found, you’re among the very few that have taken the time to protect themselves. For those who have bene compromised, start by going through one’s accounts and look for security and privacy-related settings. Read through them carefully and adjust them to your preference. Also go ahead and change your passwords as well as enabling two factor authentication (2FA) as an extra measure of security.
The harsh truth is that no-on really knows who already has their personal information that was exposed during a breach. Information is as valuable and there are groups and individuals out there that will pay for it. Don’t become a victim by believing that it will never happen to you.