My Social Media Account Was Hacked; Now What?
Nearly two in three U.S. adults with personal social media profiles believe they’ve been hacked, according to a 2016 survey by the Harris Poll. Whether it’s Yahoo and its data hack that’s impacting up to 1.5 million email accounts or the Twitter breach that had millions of Britney Spears fans thinking she was dead, bad guys have made hacking social media and email accounts one of their favorite pastimes.
And it’s not only to shock the world or hack into a famous person’s Twitter account. Hackers can get a treasure trove of information that can be used to steal a user’s identity, trick their friends and family and clean out their bank and investment accounts. “A social media hack is probably the worst thing that can happen to you online because so much about you is displayed on social media sites,” says Darren Guccione, CEO and co-founder of Keeper Security, a password manager and secure vault company. “If your Facebook account was hacked, the hacker will know who your friends are, what products and services you like on Facebook and learn about your personal attributes, such as your age, date of birth, name and where you live.”
That’s not all. In addition to getting your privacy violated and your identity potentially stolen, there’s all that data saved on social media that can be held for ransomware or worse deleted. In April, the Federal Bureau of Investigation said ransomware is on track to be a $1 billion a year income driver for the bad guys. With a ransomware attack a hacker encrypts all of your data and requests payment, usually via virtual currency such as bitcoin, in a set upon time frame. Don’t act and the data is deleted.
Why a social media hack can be devastating
Having your social media accounts hacked can be devastating on multiple levels, yet most people don’t take the basic security steps necessary to prevent them. According to Guccione, many of the account breaches on social media come via phishing attacks where hackers will send official looking emails to consumers, hoping they will click on the fake links, provide their user logon and password and thus turn over the keys to the castle.
Being more skeptical of the emails you receive can go a long way in protecting yourself online. “If they capture the logon credentials for one website, there’s a 60 perce nt chance the consumer used the same log-on credentials on all of their websites,” Guccione says. “Most people memorize two or three passwords and use them across all their sites.”
Complex passwords provide more protection
Security experts also extoll the benefits of two-factor authentication and the use of password managers as a way to defend against hacks. “The biggest thing right now is something really easy everybody can do and that’s use two-factor authentication,” says Joe Gervais, director of security communications at LifeLock, the identity theft company. “With it they send a little code or text message to your phone to make sure it’s you.”
That way, even if someone learns your logon and password, it would be much harder to get into the account, Gervais says, noting that it will also tip you off if your account was hacked.
Gervais says using a password manager also can go a long way toward keeping the bad guys out. A password manager creates unique, long, complicated passwords that you don’t have to remember. “Once you have it set up it saves so much effort and is much more secure,” he says.
Being proactive can prevent a big mess
For social media users whose accounts were breached, there are steps they need to take to ensure their safety online and offline as well as the security of people within their network.
Heather Battison, a vice president at TransUnion, the credit rating agency, says the first step is to change passwords not only for the breached website but every website you log on to. “Consumers are juggling increasing numbers of online accounts and passwords, and it can be tempting to use the same password for all of them,” Battison says. “But reusing the same password for multiple accounts significantly increases your exposure.”
It’s also important to inform everyone in your network that you were hacked and to stay on top of credit card and banking activity in the days after your social media account was compromised. Experts say to report the breach to the Federal Trade Commission and alert the credit rating agencies, including TransUnion, Experian and Equifax, of any suspicious activity you identify.