Hackers rarely invent new tricks. Rather, they just find new ways to use old ones.
When Tom Van de Wiele — F-Secure Principal Security Consultant — was growing up, taking over IRC accounts and channels was the thing. “Now people amuse themselves with social media accounts and bribing,” he told me.
If you have a Facebook, Twitter, Snapchat, Pinterest or Instagram account with a lot of content and/or followers, you are at risk of being hacked and extorted. And even if you don’t have a lot of followers but still place a lot of value in your account, you could become target of a motivated attacker.
So how will you be hacked?
If you don’t have 2FA — two-factor authentication — it’s pretty easy. “The password will be guessed,” Tom said.
“The ‘guessing’ is the result of the criminal going through all email addresses and accounts you own and seeing what passwords you chose in the past. The attacker will then try to bruteforce into the account using a password you used for other services combined with other keywords and mutations you might have chosen.”
Where can criminals find which passwords you’ve used in the past?
“Websites like have Have I Been Pwned? are great to see where your data might have been exposed. But the same lists that website uses are downloadable, and the cracked passwords from those lists are being traded on-line as you read this.”
So what can you do to prevent your social media accounts from being hacked?
Tom’s best practices for social media (and other online service) hygiene
After F-Secure principal security consultant Tom Van de Wiele stepped into the #CyberSauna for the second episode of…
January 19, 2018