This month, the hacking group OurMine took over at least 11 social media accounts of NFL teams. Their goal, they said, wasn’t anything nefarious, but more of a warning. To show how easy social media platforms can be broken into.
“Hi, we’re Back (OurMine),” the tweets began. “We are here … [to] Show people that everything is hackable.”
— NFL Update (@MySportsUpdate) January 27, 2020
It was also an attempt to plug their own business, helping people with online security. But you don’t need to pay money to make sure you don’t get hacked.
But not all hacks take over the accounts of teams and corporations worth millions of dollars. The hacking of individual social media accounts is far more common.
Every 39 seconds a hacker successfully attains private information, according to cyber safety firm Cybint Solutions. And it is not expected to slow down anytime soon. In 2019, $2,900,000 was lost to cybercrime every single minute, RiskIQ reports.
So, as hacking continues to threaten everyone from the Dallas Cowboys to teens on TikTok and Instagram influencers, here is everything you need to know about how to keep your social media accounts protected.
What does it mean to be hacked?
In a physical sense, a hack is like a bank robbery, only this time the hacker steals valuable information from a server.
It can happen in a multitude of ways, like malware attacks for example. This is a virus that hackers send to a victim through fake advertisements or networks.
But, more commonly, hackers are breaking into social media platforms. Twitter, Facebook, even your Yelp account is at risk.
Although the reasoning behind hacking is endless in the age of digital information, hackers generally gain access to accounts to exploit private information. Credit card numbers, private photos, addresses, medical information are all examples of things that a hacker could steal off of an online account.
Hackers also use social media accounts of employees in order to gather information about larger companies or establishments. Stephanie “Snow” Carruthers is a hired hacker for IBM.
She finds weaknesses in the company’s cybersecurity. She said malicious hackers use information from social media posts to gain access like passwords or entry codes.
“Social media posts are a goldmine for details that aid in our ‘attacks,'” Carruthers said. “What you find in the background of photos is particularly revealing–from security badges to laptop screens, or even Post-Its with passwords.”
It’s trendy for people to share each part of their day online. But, this ample information available on social media also provides hackers with tools to enter a personal account or a major entity.
How can hackers access your account?
For social media accounts, phishing attempts are the most common way for hackers to obtain private information.
Spear phishing is a loaded link, likely to be disguised as harmless, that compromises an account. Russian hackers used a link like this to infiltrate a Pentagon official’s Twitter account during 2017, according to the New York Times. In this case, the Twitter link was disguised as a family vacation offer.
Jay Kaplan, a former Defense Department cybersecurity expert, told the New York Times that social media allowed for this type of cyber attack.
“The human error that causes people to click on a link sent to them in an email is exponentially greater on social media sites because people are more likely consider themselves among friends,” Kaplan said.
Social media makes it easier for users to be closer to their friends while providing a vulnerable state for hackers.
The New York Times reported the Russian hackers sent 10,000 loaded links to Defense Department employees on Twitter. While they said this form of attack is not new, it has never been seen on this scale.
How to prevent being hacked
There is no sure trick to keeping hackers from taking over a social media account, as demonstrated by OurMine. But, there are some cyber safety steps that prevent attacks.
Random and unique passwords are one of the obvious ways to protect social media accounts. Diverse passwords make it harder for hackers to easily break into your accounts. So, change your password from your street name and birth year to something that varies in upper and lower case letters, numbers and symbols.
But, remembering the random passwords for each of your online accounts seems impossible. That is why there are password manager apps that lock all of your account passwords in one place. So, you only need to remember one to unlock the app.
Also, deleting inactive accounts could prevent an attack because it limits the number of ways a hacker could obtain your cyber identity. If your Myspace account still exists, it is probably time to delete.
In addition to those simple steps, overall cyber awareness is vital in preventing attacks. Keeping an eye out for suspicious activity is one of the easiest ways to know if an account has been compromised. If there is a Facebook post published that you do not remember writing, then it is probably time to change passwords.
Cyber awareness also includes being wary of links even if they appear to be from a safe source. The hack that tricked the Pentagon employee was from a fake IT person.
Finally, setting up two-step authentication is a relatively new way to put an additional lock on an account.
It essentially links an account to a separate device by sending an additional code to that device in order to enter the account. After the first password is entered, a phone number or email address will receive a notification that there has been an attempt to log into an account.
This sets up two separate walls which makes it more difficult for hackers to enter through the front door. In the email or text, there is a code that allows the user to unlock the second wall. Google, Apple, Facebook, Microsoft, Twitter users all have the ability to turn on two-factor authentication.
This not only makes it harder for hackers to enter online accounts, but it also notifies users immediately if there is a login attempt on one of their accounts.
Popular accounts that have been hacked
Several popular accounts have been hacked over time. One common hack tends to involve leaking nude photos of public figures.
In October, singer Demi Lovato was a victim of a hacker that leaked photos of her or that appeared to be her on Snapchat.
The Daily Dot reported that it is suspected that a group of hackers, called the Chuckling Squad, targeted Lovato. They also claimed responsibility for hacking Twitter CEO Jack Dorsey’s account and Chloë Grace Moretz’s Twitter account both this past year.
Although it is not clear how these hacker groups are entering private accounts, old social media accounts supposedly facilitated the attacks. It is speculated that the Chuckling Squad used an old SMS service called Cloud Hopper. The service was previously owned by Twitter and Dorsey’s current account had still been linked to Cloud Hopper.
OurMine, on the other hand, told the Daily Dot that they accessed NFL accounts through Spredfast, a social media management service. In 2016, however, the group easily entered Facebook CEO Mark Zuckerberg’s Pinterest and Twitter account by guessing his simple password, according to Vanity Fair.
One hacker once tried to leak former Disney star Bella Thorne’s nudes. They threatened to post nude photos of Thorne in attempt to blackmail the actress.
Instead, Thorne posted them herself.
But, not everyone is comfortable with sharing their nudes with the online world. So, if you don’t, simple steps like diversifying passwords will help prevent the chance you ever need to.