How To Protect Your Personal Information on Social Media

Share this:

Jory MacKay

Writer, Strategist & Award-Winning Editor

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    What Can Hackers Find Out About You on Social Media? 

    Your personal information is safest when you don’t share it on social media.

    Social media will always be a trade-off between connection and protection. 

    The more you share on social media, the more information about your life can be stolen.

    It’s hard to strike a balance. But there are three areas where you can make small changes to protect your personal information on social media: sharing, security, and surroundings. 

    12 Tips to Safeguard Your Privacy on Social Media

    We all publish some amount of private information on social media. Knowing what kind of personal data cybercriminals can use will help you understand what you shouldn’t post.

    1. Don’t Share Your Live Location or Daily Routines

    Sharing photos while you’re on vacation can be fun, but those photos immediately alert everyone that you’re away from home. Instead, collect photos on the trip and only share once you’re back.

    Also, avoid posting about routines in your daily life. A story about your “daily 6 a.m. workout” tells stalkers where they can find you every morning and lets thieves know when you’re away.

    2. Don’t Share Identification Numbers

    You might not think so, but your identity can be stolen with just your ID.

    Identification and financial information like your Social security number (SSN), driver’s license number, bank account numbers, and passport number should never make it to a social media site. These can be used immediately for identity theft and more. (As an added warning, it's not always possible to change your Social Security number – even after identity theft.)

    But when we’re first-time drivers, proud world travelers, and excited entrepreneurs, it’s easy to think of our license, passport, or first paycheck as something to show off on social media. But resist the urge to flaunt your success. If you absolutely need to post it on social media, make sure none of your personally identifying numbers or information is legible. 

    3. Share Less in the “About” Section

    Social media platforms let you share all kinds of personal information online. But all this information just adds to your online footprint. Just because a field is offered doesn’t mean you need to fill it in.

    Consider leaving information blank on your social media profile or only giving a broad answer. For example, enter the industry you’re in instead of a specific employer. Even seemingly harmless information like your maiden name or hometown can help hackers crack your security questions.

    4. Only Accept Connection Requests From People You Know

    You’ve heard it plenty of times, but it’s still true: only accept followers and friend requests from people you know. If you’re building a public persona, consider creating a separate account.

    Even if you’re careful about what you post, friends can see what others post about you. With a little deduction, any of your friends can quickly find your date of birth and mine your friends list for information about you.

    Plus, the people behind the fake accounts may use them to organize scams, defraud your friends, and even run blackmail campaigns.

    5. Create Strong, Unique Passwords

    Passwords are our first, and sometimes only, line of defense against hackers. It pays to make them as secure as possible.

    First, follow the basics. Don’t use “password,” your username, or easy-to-find data like your anniversary. Not only are these insecure, but in some instances, they expose personal details—like your birthday or phone number—along with the password.

    the most popular passwords around the world
    [Image source: Statista]

    Generally speaking, a long password is a strong password. Every password should have a minimum of 12 characters—ideally, closer to 16. Every extra character makes it an order of magnitude harder to crack your password.

    Your password should also be unique to every site. If one login is ever leaked, every account with that password is at risk. For the same reason, never recycle passwords (like using your old Twitter password as your new Snapchat password). 

    This method was used on some of the highest-profile hacked celebrities, including Facebook founder Mark Zuckerberg, so it can happen to you.

    It’s hard to keep track of dozens of secure, different passwords. Consider using a password manager to track them securely.

    6. Use Two-Factor Authentication (Avoid SMS)

    Two-factor authentication is a security measure that requires a one-time code, either from an app on your phone or a text message, in addition to your password. Today, most major social media accounts include this feature.

    Since these codes are only valid for a few minutes, they’re more secure. But they’re even stronger, since they require whoever’s trying to log in to have a password and the right device—unlikely in most hacking scenarios.

    Pro tip: use an authenticator app like Google or Microsoft, instead of SMS for an extra layer of security.

    7. Tighten Your Profile's Privacy Settings

    It’s easy to leave the default privacy settings on your account. They might be fine if you never share sensitive information, but you should at least review the choices rather than hope for the best.

    In just fifteen minutes, you can quickly review the account information for the social media sites you use regularly like Facebook, Twitter, LinkedIn, and Instagram. Choose what different social media user groups—like your friends, friends of friends, or unregistered users—can see.

    And remember, the settings go beyond just posts. On most sites, basic profile data, comments to public posts, and online activity at third-party sites (like comments or quizzes) are shared publicly.

    Decide what you want and don’t want to share.

    8. Force Unrecognized Devices and Sessions to Logout

    Many social networking sites, including Facebook (and Facebook Marketplace), Instagram, Pinterest, and LinkedIn, let you see active account logins worldwide.

    If you’ve never done this, make sure you recognize all of the logins—for example, on your own laptop and phone. If you don’t recognize them, you can sign out of all open sessions. You’ll need to sign back in later, but it’s worth the extra effort.

    Even if you know how to use social media responsibly, it’s not just the network itself where you should pay attention. Your accounts are only as secure as your devices and the precautions you take when you’re not logged in.

    9. Watch Your Back When Out in Public

    You’re at the local coffee shop and want to browse Instagram. What’s the safest way to do it?

    First off, there's a type of identity theft attack called shoulder surfing, where wandering eyes lurk over your shoulder as you're typing in your password to any social media account. Beware of prying eyes anytime you're using your mobile device to sign-in to any online accounts in public.

    Secondly, avoid public Wi-Fi, as it’s surprisingly easy for hackers to intercept your connection and collect all the data. A better option is to use a private hotspot from your phone.

    If you must use Wi-Fi, consider a VPN, which scrambles the data you send and makes your location untraceable. For any site—but especially when logging in or entering credit card data—always check for an HTTPS connection (often represented by a green padlock symbol).

    10. Pay Careful Attention to Security Alert Emails

    Email can be one of the best safeguards for your social media accounts.

    Notifications of failed login attempts or changes to your password could be a warning sign of a hacking attempt. Add two-factor authentication if you haven’t already, and consider changing your password.

    But you should pay attention to the emails themselves, as they’re also common phishing scams.

    Phishing uses pretend authority to trick you into sharing personal data. Let’s say you get a warning email with a button or QR code to log in to Instagram. The button takes you to a site that looks exactly like the Instagram login page—but when you type in your password, it goes straight to a hacker.

    To protect yourself from phishing, always verify that emails are from who they claim to be from. Misspelled sender names (like “Instagram”) are easy to fake, so look at the email address. It should come from the official website, like “”

    If you’re still unsure, the safest option would be to visit directly to resolve any issues.

    11. Delete Expired Social Media Accounts

    We all have online accounts we never use—will you or anyone you know even notice if you delete your old MySpace site?

    Every social networking site you keep open is an extra window of vulnerability. Delete unused accounts and think carefully before signing up for new accounts.

    Pro tip: try Identity Guard's Dark Web Scanner to ensure none of your personal data is floating around on the Dark Web. If our scan detects that your information has been exposed, you may be at risk for identity theft.

    If you’re a member of social sites you don’t use often but don’t want to delete, make sure you have a secure password and two-factor authentication for them. You can also improve security by logging out of the site on your devices and deleting the app from your phone. It’s one less vulnerability if someone accesses your device.

    12. Don't Ignore Software Updates

    Some social media risks work because they exploit bugs in your computer, phone, or tablet. You can protect yourself from these types of cyber attacks by updating to the most recent software, which has stronger code and fewer bugs.

    Update your operating system, like macOS or Windows, as well as your browser, like Chrome or Safari.

    For additional protection, you can also use antivirus and malware software.

    Related: Aura vs. LifeLock: Which identity theft protection service is best in 2022? <--

    Recent Social Media Data Breaches: Were You Affected?

    Even if you do your best to keep your social media accounts secure and private, hackers and scammers find ways to access your personal information. In recent years, social media sites have become targets for hackers who want to leak your information in data breaches and even sell if on the Dark Web.

    Here are some of the most recent social media data breaches:

    • Twitch (October 2021): Almost the entire Twitch source code was leaked online including information on their 7 million users [*].
    • LinkedIn (June 2021): Data associated with 700 million LinkedIn users was posted for sale on a Dark Web forum including email addresses, location, phone numbers, and other social media accounts and details [*].
    • Facebook (April 2019 - leaked online in April 2021): Over 550 million Facebook users had their data published online, including Facebook IDs, names, dates of birth, locations, and relationship statuses [*].
    • Twitter (May 2018): Passwords for all 330 million Twitter users were leaked online. The company didn't confirm how their data became public, but only that they had been exposed for several months [*].
    • Quora (December 2018): Data from up to 100 million Quora users was leaked, including email addresses, names, encrypted passwords, and other user accounts linked to Quora [*].
    • Tumblr (February 2013): One of the earliest social media data breaches, the Tumblr breach exposed email addresses and passwords for 66 million users [*].

    If you've used any of these social media sites now or in the past, your data could be at risk. Use Aura's Identity Guard Dark Web Scanner to see what hackers have access to and update your accounts and passwords now.

    Aura Identity Guard Dark Web Scanner

    The Bottom Line: Protecting Yourself on Social Media

    With social media, security is in your hands. Luckily, you don’t have to choose whether you’d rather have an account with plenty of connections—lots of friends, sharing, and information—or one with more protection.

    Your online safety is a serious matter. Take action and improve the security of your social media accounts today.

    Ready for ironclad identity theft protection? Try Aura 14-Days Free!

    Related Articles

    bank scams and financial scams to avoid

    2022 Bank Scams: 15 Ways To Protect Your Bank Account

    Scammers will go to any length to get access to your bank account and financial information. Here’s how to stop them and keep your accounts secure.

    Read More
    May 18, 2022
    Illustration of an Airbnb scam

    10 Airbnb Scams That Will Ruin Your Next Vacation

    Booking your next vacation rental? Here’s a list of all the latest Airbnb scams so you know what listings to pass on and which ones are legitimate.

    Read More
    May 9, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers