Updated: Jan 22, 2020
Do you remember the infamous Ashley Madison hack? In July 2015, countless families were broken apart by a data breach targeted at the extra-marital-affair-enabling website. The hack exposed over 25 GB of site data, including personal information about Ashley Madison users. This is one of many data breaches revealing how personal information, which users trust sites to keep secure, can easily be distributed at the hands of a skilled hacker.
How many times have you shared a picture of your birthday cake, made a status update about an upcoming move, or posted about a new job? You’ve probably heard this before, but you’re about to hear it again: everything you put on the internet is available to those who want to find and exploit it.
That might sound a little paranoid, but it’s not without valid backing.
Social Media Is Targeted by Identity Thieves
The original version of this blog, which was published in September 2015, referenced a Huffington Post article. The article highlights how much worse “the data breach problem” had become, even back in 2015. Fast forward 4 years, and this problem certainly hasn’t slowed down.
There were a record 16.7 million victims of identity theft in 2017 according to last year’s report from Javelin Research. This statistic might not seem surprising when you consider the number of data breaches endured by large companies in recent years. Even if you do all you can to protect your own personal data—like using secure WiFi networks, password best practices, and 2-factor authentication—your data still depends on the security of the organizations where it’s stored.
Even still, large company-targeted data breaches aren’t the only way criminals can obtain your private information. Identity theft is committed by hackers finding pieces of personal information on social media sites like Facebook, Instagram, and Twitter. Many people, despite the ongoing risks of identity theft, still post private information that is exploited by bad actors in a number of ways.
For example, check out this public post by a Flickr user boasting about their canceled life insurance policy (this was discovered using Echosec). By posting a photo of their insurer’s cancellation letter, this user is exposing their full name, address, policy number, and insurer:
These post types are a hacker’s dream; they could use this information to source more personal information about the individual, or target them in a phishing scam (for example, by posing as the insurance company). They could use the information to create a false profile or commit fraud or defamation. They could also sell this information on the dark web to other hackers.
The most common type of identity theft these days, is obtained from simple information posted on social media sites such as Facebook, Instagram and Twitter. [Tweet this]
How Can You Prevent This From Happening To You?
There are several ways to prevent identity theft on social media:
- Change your password frequently.
- Avoid clicking on unfamiliar links.
- Don’t release your social security or driver's license numbers.
- Use a different birthdate or last name on social media accounts.
- Use unique questions for password verification—not your pet’s name.
- Review photos for any personal information before posting.
- Limit your social circle and tighten your account security settings to better control who sees your information.
Use common sense when you’re posting personal content on social media. For example, in the case above, the user could have used a text-based post rather than sharing an image of a confidential document. Limiting the amount of critical information perpetrators can use is an individual’s best line of defense against identity theft.
It’s almost inevitable that individuals and organizations will be targeted in a data breach at some point. There’s not much an individual can do to enforce their data’s security once it’s willingly handed to a large organization. However, many identity thieves use social media to find personal information divulged by careless users. Avoid becoming another identity theft victim by using common sense and a bit of caution before posting on social media.
Grab some time with us to learn how Echosec and Beacon can help you detect and mitigate data breaches and identity theft.