In the past week, Burger King and Jeep had their Twitter accounts hacked. It looked pretty silly to lose control over their official Twitter handles. Seeing some prankster’s tweets on their timeline gave us something to talk about. But in the end, it’s something that could have happened to anyone.
We all know the right thing to do to avoid getting our accounts hacked. Randomize your passwords, change your passwords a few times a year, and don’t use the same password for multiple sites. These are all well-known best practices.
But who proactively changes a password without being prompted by a site? Even when we are forced to change our passwords, we often have trouble coming up with something difficult to guess because we have too many passwords to remember already.
It’s like talking about the benefits of healthy eating and regular exercise. We all know that these are good for you. But with easy access to junk food and busy lifestyles, most of us don’t think about what we eat every day or about squeezing in 30 minutes of aerobic exercise.
The same is true with security for our social network accounts. Until it is too late, we tend to ignore what we are not doing right. Extending the physical exercise metaphor, we think it’s something that each of us can fix if we decide to follow best practices.
In reality, however, social network account security is quite a bit more difficult to implement. That’s because everyone is linked with each other in trusted relationships.
Unlike your online banking account password, your social network account password doesn’t only protect access to your data. It also authenticates that you are, in fact, who you claim to be (your social identity) for all the friends and connections that you have.
If my Facebook account is hacked, an attacker can get to my data, but more importantly he can impersonate me and send messages to my friends as me asking them to click things that they shouldn’t. Because all our social network friends and followers are based on this implicit trust, they are much more likely to click on my message than a spammer’s message.
This means our social network security is only as secure as the least secure account among our friends. If one trusted social network account is hacked, then we are much more likely to fall victim to targeted phishing attacks, for example. (This is exactly what happened to me earlier when my friend’s Twitter account got hacked.)
So it may have been fun to talk about Burger King and Jeep’s hacked Twitter accounts, but we have to realize that this threat is a lot closer to us than we think. We are too connected to each other to ignore social media security.
Do your friends a favor. Update your social network account passwords.