TORONTO – All too often we see headlines warning users of security breaches to social networking sites; some leaving millions of user passwords and account details open for hackers to steal.
Most recently, photo-sharing app Snapchat experienced a breach that allowed hackers to steal the usernames and phone numbers of over four million of its users, including some Canadians.
Others can be more widespread, like a leak in December that saw over two million stolen Facebook, LinkedIn and Google passwords from users all over the world posted on a Russian hacking website.
But experts urge users to pay close attention to these leaks as they could have major repercussions on users’ personal and private lives.
Jeff Quipp, founder and CEO of Toronto-based digital marketing agency Search Engine People, is an expert in digital marketing and social media footprints – which he says can easily be tarnished by online thieves.
“If your password is breached then others can use your channel to start marketing whatever they want. Perhaps more concerning is… they can gather a lot of information about you as an individual which makes it much easier if they are trying to steal your identity,” Quipp told Global News.
Quipp explained damages can vary with each type of breach.
For example, phone numbers were leaked as part of the Snapchat breach which can give hackers the ability to target you directly.
“With phone numbers being released there are a few things that can happen – there are people who will call and ‘phish’ for more information so that they can attempt identity theft, or do more damage to your reputation,” he said.
But the digital marketing expert notes that the Snapchat leak could have been much worse, as hackers could have potentially accessed the private photos that users send – and Snapchat users have gained a reputation for sending suggestive photos.
He also noted that if your password for a social network like Facebook is leaked, hackers could have access to more private photos that you don’t necessarily want to share with the entire Internet.
Besides causing embarrassment to users, hackers could also steal photos to set up fake accounts that could be damaging to the user’s reputation.
Protect yourself online
Though security breaches are out of the user’s control there are a number of steps you can take to protect yourself in case your account is affected.
Of course a strong, regularly changed password is always a good line of defense for keeping hackers out.
Tamir Israel, cyber security expert and staff lawyer at the Canadian Internet Policy and Public Interest Clinic, believes there is a lot of education to be done when it comes to picking a secure password.
“Using the same login and password across multiple sites – there are maliciously minded people who will take that information and try to use it on multiple sites,” Israel said.
He recommends that if they are affected by a security breach users should change their password on all sites that use the same or similar password. He also recommends that people stay away from easy-to-guess passwords like “1,2,3,4” or “Password.”
According to the cyber security expert, passwords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – though they are hard to remember. Israel suggests using a password organizer app or program (preferably one that is secure) to keep track of hard-to-remember passwords.
Quipp suggests that users carefully read and keep up to date with the privacy policies on the sites they post personal information to.
He also suggests that using a temporary email or phone number when if requested by the app or site – especially newer apps like Snapchat that may not have a lot of funding for security.
Users could also consider using a nickname or not using their full names as their username.
“That makes it easier for people to figure out exactly who you are. You can reach out to your friend’s profiles and add them without having to use your real name – generally a picture as your avatar will identify who you are to them,” he said.
Users should also be wary if they receive any phone calls or emails that may appear to be directly from the social network asking for personal information.
“Understand that most social media won’t contact you directly, especially via phone, looking for information about you,” Quipp said. “If you get a call like that, know immediately that someone is phishing for information from you, likely to commit identity theft, and end the call immediately.”