You may think having a social media account hacked is something that happens to everyone else, until someone you know gets hacked and looks to you for advice. In this case the problem was first noticed as Twitter spam and, a month later, as a new Instagram account linked to Facebook. A few simple steps can help avoid the effort of cleaning up.
It all started at the beginning of November with me noticing spam tweets. The tweets were deleted and the password changed on Twitter. A month later a more serious use was made of the Facebook account that shared the same password. An Instagram account was created using the Facebook ID, with pictures of young girls (children) wearing very little. The comments on the pictures were from men asking to use Kik messenger to contact the person directly, which is known to be related to ‘cyber-predators’. Things could have been much worse (such as stealing the person’s identity to apply for credit cards), but it does demonstrate that what we may see as security FUD is real.
The personal computer used by the person has three security software packages (set up by a paranoid security specialist). So how could this happen? There are several explanations, but I think the most likely is that the password was recorded on a public or shared computer (such as university computers).
So what steps should be taken to protect against this happening?
- Never reuse the same password across different accounts, because once one is compromised the rest are compromised. Use something like KeePass to store the passwords, protected by a strong password – you can use Dropbox to make the password safe available on your PC, phone and Internet. So that you can remember a strong password, use a phrase of connected words with numbers and non-alphanumeric characters such as % and $. (There are risks with this, but they are much smaller than those of using the same password.)
- Don’t use Facebook or Twitter login details to link to other accounts such as Instagram, because once one linked account is compromised the rest are compromised.
- Don’t use public computers, where key-logging software may be installed, to log in to Internet accounts (especially your bank).
- Turn on extra security to be notified when someone logs in using your account, and remove access for linked applications and devices that are no longer needed. Facebook and Twitter have settings to notify you if someone uses your account, and they can require you to enter a uniquely generated code from a device you have already authorised.
- And use good security software on your personal computer – I use a combination of Norton Anti-Virus, Zemana Anti-Logger and Spybot S&D using immunization. Zemana Anti-Logger provides some protection against programs recording usernames and passwords.
This does not guarantee you won’t have problems, but it does reduce the risk significantly.