Social media hacks on the increase – 18/06/2019

 

An increasing number of organisations have reported data breaches due to unforeseen circumstances in the last year, with most scenarios involving user data being stolen and then held for ransom to extort money from the victims. The data stolen usually includes email addresses, usernames, passwords and, in extreme cases, driver’s licences, bank statements and the like. Social media has not been ignored in this regard and has now become one of the many targets because it has become an integral resource for personal as well as business use.

With companies like Facebook (2.2 billion users), WhatsApp (1.5 billion users), Instagram (1 billion users), Twitter (330 million users) and LinkedIn (294 million users), the industry may appear to be too big to fail. The user base is also extremely diverse, though, and includes politicians, celebrities, CEOs and even pets – with all of the information involved just too tempting for hackers to ignore.

Through multiple breaches, massive databases have already been exposed and stolen from social media companies. From 2013 to 2019 Facebook reportedly had over 590 million records stolen, LinkedIn apparently had 8 million records accidentally posted on the web, and in 2016 Twitter was reported as having had 32 million passwords hacked. Then in May 2018 Twitter advised all 330 million users of a password bug. The respective owners of these large social media organisations have often been taken to court to answer for the lack of security and privacy which allowed the data to be breached. One of the consequences of such breaches is accounts being used maliciously for fake posts. This is especially true for those users who have large followings and/or hold positions of power in the world. Popular politicians and businessmen seem to be targeted specifically because of their influence in their respective fields of expertise and industry.

Local South African politicians may well have been the targets of such hacks, which one of them recently claimed had happened when a remark that appeared on his Twitter account didn’t receive a positive reception among the majority of the population in the country. But then there are those who claim that it wasn’t a hack but purely a means of escaping responsibility for unpopular suggestions, as has happened elsewhere in the world among wily politicians. Whatever the truth, the local economy suffered as a result of international concerns about the comments that were made and, if they were fake, the reputational damage done to the parties concerned and the population as a whole certainly wasn’t.

One of the main issues at hand is that account security is not usually at the top of most people’s priorities. The vast majority of people don’t like changing their passwords regularly or having multiple, hard-to-remember passwords. It is, in fact, highly likely that a user’s Twitter password is the same as the one for their Facebook, Instagram, Google, laptop and even online banking accounts. To make things worse, some users set passwords that they can remember easily, with the result that they are just too easy to guess. With some information about the user, most of us could make educated guesses as to what the password could be, as people often base it on their pet’s name, a date of birth, their spouse’s name, or even their favourite food – with nearly all of this information being available on their social media profile pages. Some users will also set passwords like ‘admin’, ‘password’ or ‘1234’, etc. as these were the default passwords for a particular application and they simply didn’t bother to change them. Of the 330 million users on Twitter, it’s been noted that at least 32 million of them fall into this category.

With so much reported in the media on the problem of account security and the hacking problem we are experiencing, together with access to news and information pretty much at everyone’s fingertips these days, we can’t put all the blame on social media companies. Account forgery and fake posts get reported daily because users fail to take the necessary security precautions. All users should be asking themselves the following questions about their security and privacy:

  • Have I read the privacy statement when signing up for any accounts?
  • How easy is my password and/or username to guess?
  • What other accounts use the same details?
  • How often do I change my password, if at all?
  • How private is my account?
  • What information is publicly visible when Googling my name?
  • What information about myself am I sharing publicly when making posts?
  • What action have I taken when an account security alert is received?

These are all valid questions to ask oneself. One breached password could spell disaster for multiple accounts. Account privacy should be considered a larger concern than is currently the case as all reputable social media platforms offer settings to limit or completely privatise accounts. Leaving an account’s security and privacy settings as the default is the least secure option and is very often the easiest way to allow an account to be hacked.
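A local self-audit for the three password habits described above (application defaults, passwords built from details visible on a profile page, and the same password on several accounts), as an added example that is not part of the original article. The function names are hypothetical, and the profile fields, account names and passwords are constructed sample data.

```python
import re

# Default passwords named in the article.
DEFAULT_PASSWORDS = {"admin", "password", "1234"}

def _normalise(text):
    # Lower-case and keep only letters and digits, so "Rex-1985!" compares as "rex1985".
    return re.sub(r"[^a-z0-9]", "", text.lower())

def profile_tokens(profile):
    """Turn publicly visible profile facts into comparable tokens (3+ characters)."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[\s/\-.]+", value):
            norm = _normalise(part)
            if len(norm) >= 3:
                tokens.add(norm)
    return tokens

def audit(accounts, profile):
    """Return {account: [findings]} covering defaults, profile-based and reused passwords."""
    tokens = profile_tokens(profile)
    users_of = {}
    for name, pw in accounts.items():
        users_of.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        norm = _normalise(pw)
        if norm in DEFAULT_PASSWORDS:
            findings.append("default password")
        hits = sorted(t for t in tokens if t in norm)
        if hits:
            findings.append("built from public profile data: " + ", ".join(hits))
        others = sorted(n for n in users_of[pw] if n != name)
        if others:
            findings.append("reused on: " + ", ".join(others))
        report[name] = findings
    return report

# Constructed sample data: what a stranger could read on a profile page,
# and the passwords one person uses across accounts.
PROFILE = {"pet": "Rex", "date_of_birth": "14/03/1985",
           "spouse": "Thandi", "food": "bunny chow"}
ACCOUNTS = {"twitter": "Rex1985!", "facebook": "Rex1985!",
            "router": "admin", "bank": "vK9#qT2m&Lw8zP"}

if __name__ == "__main__":
    for account, findings in audit(ACCOUNTS, PROFILE).items():
        print(account, "->", findings or "no findings")
```

An empty findings list only means the password avoids these three habits; it says nothing about whether it has already been exposed in a breach.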

All users should take some time to search for themselves (name, surname and email address) on Google.com (free) from a PC or laptop with none of their personal accounts logged in, to see what information is publicly visible. Many will be surprised to see how much information one can discover just by running a few basic searches. If no concerning information is found, you are likely to be amongst the few that have taken the time to protect themselves. For the rest, they should start going through their accounts and look for security- and privacy-related settings. These need to be read through carefully and adjusted to the user’s preferences. One should also go ahead and change passwords as well as enable two-factor authentication (2FA) as an extra measure of security.

The harsh truth is that we don’t actually know who already has our personal information that was exposed during a breach somewhere that we may well not have been aware of.