From hackers who take over your Instagram account to fake friend requests that hijack your Facebook profile and pirates who publish propaganda messages in your name on Twitter – as happened on a massive scale in mid-March – the risk of having your personal data or identity stolen on social media has never been higher. However, there are a few simple things users can do to help prevent attacks.
Keep third-party apps to a minimum
Social media accounts can be vulnerable to hacks via third-party applications. The recent Twitter hack involving several thousand accounts originated from Twitter Counter, an add-on tool for tracking all kinds of stats for a given account. By compromising the application's databases, hackers were able to take control of scores of user accounts relatively easily.
It's therefore a good idea to regularly check the list of third-party apps connected to your account. These are all listed in the "Apps" tab of Twitter's account settings. Here you can review and, if necessary, remove official tools like mobile apps or Periscope, as well as more obscure or obsolete applications. Also, remember to restrict or revoke the access of such apps when you're no longer using them. Third-party apps are also used on Facebook and LinkedIn.
Turn on two-step authentication
It's a good idea to activate two-step authentication for signing in to online accounts. That means that you'll need to approve any log-in attempt via text message or email, as well as entering your password. Another advantage of two-step authentication is that you'll be notified in the event of an attempted intrusion.
Facebook users can currently activate two-step verification by selecting "Require a security code to access my account from unknown browsers" in the "Login Approvals" section of the "Security" menu after entering a mobile phone number. A security code is then sent by text message with each new connection attempt.
Twitter users can select "Verify login requests" in the "Security & Privacy" menu, then enter their mobile phone number to receive a text message containing an access code for each new attempted login. Instagram and LinkedIn have similar features.
Change your passwords regularly
It may sound obvious, but lots of people forget or overlook this basic rule: it really is important to change passwords on a regular basis, ideally once every three months. Make sure you never use the same password for different sites and try to find ways of making passwords as complex as possible but still easy to remember. Try using the first letters of the words in a memorable phrase or song title, for example.