What Can Hackers Find Out About You on Social Media?
Your personal information is safest when you don’t share it on social media.
Social media will always be a trade-off between connection and protection.
The more you share on social media, the more information about your life can be stolen.
It’s hard to strike a balance. But there are three areas where you can make small changes to protect your personal information on social media: sharing, security, and surroundings.
12 Tips to Safeguard Your Privacy on Social Media
We all publish some amount of private information on social media. Knowing what kind of personal data cybercriminals can use will help you understand what you shouldn’t post.
1. Don’t Share Your Live Location or Daily Routines
Sharing photos while you’re on vacation can be fun, but those photos immediately alert everyone that you’re away from home. Instead, collect photos on the trip and only share once you’re back.
Also, avoid posting about routines in your daily life. A story about your “daily 6 a.m. workout” tells stalkers where they can find you every morning and lets thieves know when you’re away.
2. Don’t Share Identification Numbers
You might not think so, but your identity can be stolen with just your ID.
Identification and financial information like your Social Security number (SSN), driver’s license number, bank account numbers, and passport number should never make it to a social media site. These can be used immediately for identity theft and more. (As an added warning, it's not always possible to change your Social Security number – even after identity theft.)
When we’re first-time drivers, proud world travelers, and excited entrepreneurs, it’s easy to think of our license, passport, or first paycheck as something to show off on social media. But resist the urge to flaunt your success. If you absolutely need to post it on social media, make sure none of your personally identifying numbers or information is legible.
3. Share Less in the “About” Section
Social media platforms let you share all kinds of personal information online. But all this information just adds to your online footprint. Just because a field is offered doesn’t mean you need to fill it in.
Consider leaving information blank on your social media profile or only giving a broad answer. For example, enter the industry you’re in instead of a specific employer. Even seemingly harmless information like your maiden name or hometown can help hackers crack your security questions.
4. Only Accept Connection Requests From People You Know
You’ve heard it plenty of times, but it’s still true: only accept followers and friend requests from people you know. If you’re building a public persona, consider creating a separate account.
Even if you’re careful about what you post, friends can see what others post about you. With a little deduction, any of your friends can quickly find your date of birth and mine your friends list for information about you.
Plus, the people behind fake accounts may use them to organize scams, defraud your friends, and even run blackmail campaigns.
5. Create Strong, Unique Passwords
Passwords are our first, and sometimes only, line of defense against hackers. It pays to make them as secure as possible.
First, follow the basics. Don’t use “password,” your username, or easy-to-find data like your anniversary. Not only are these insecure, but in some instances, they expose personal details—like your birthday or phone number—along with the password.
Generally speaking, a long password is a strong password. Every password should have a minimum of 12 characters—ideally, closer to 16. Every extra character makes it an order of magnitude harder to crack your password.
Your password should also be unique to every site. If one login is ever leaked, every account with that password is at risk. For the same reason, never recycle passwords (like using your old Twitter password as your new Snapchat password).
Reused passwords were behind some of the highest-profile celebrity hacks, including that of Facebook founder Mark Zuckerberg, so it can happen to you.
It’s hard to keep track of dozens of secure, different passwords. Consider using a password manager to track them securely.
6. Use Two-Factor Authentication (Avoid SMS)
Two-factor authentication is a security measure that requires a one-time code, either from an app on your phone or a text message, in addition to your password. Today, most major social media accounts include this feature.
Because these codes are valid for only a few minutes, a stolen code quickly becomes useless. They also add a second barrier: whoever is trying to log in needs both your password and the right device, which is unlikely in most hacking scenarios.
Pro tip: use an authenticator app, like Google Authenticator or Microsoft Authenticator, instead of SMS for an extra layer of security.
7. Tighten Your Profile's Privacy Settings
It’s easy to leave the default privacy settings on your account. They might be fine if you never share sensitive information, but you should at least review the choices rather than hope for the best.
In just fifteen minutes, you can quickly review the account information for the social media sites you use regularly like Facebook, Twitter, LinkedIn, and Instagram. Choose what different social media user groups—like your friends, friends of friends, or unregistered users—can see.
And remember, the settings go beyond just posts. On most sites, basic profile data, comments to public posts, and online activity at third-party sites (like comments or quizzes) are shared publicly.
Decide what you want and don’t want to share.
8. Force Unrecognized Devices and Sessions to Log Out
Many social networking sites, including Facebook, Instagram, Pinterest, and LinkedIn, let you see active account logins worldwide.
If you’ve never done this, make sure you recognize all of the logins—for example, on your own laptop and phone. If you don’t recognize them, you can sign out of all open sessions. You’ll need to sign back in later, but it’s worth the extra effort.
Even if you know how to use social media responsibly, it’s not just the network itself where you should pay attention. Your accounts are only as secure as your devices and the precautions you take when you’re not logged in.
9. Watch Your Back When Out in Public
You’re at the local coffee shop and want to browse Instagram. What’s the safest way to do it?
First off, there's a type of identity theft attack called shoulder surfing, where wandering eyes lurk over your shoulder as you're typing in your password to any social media account. Beware of prying eyes anytime you're using your mobile device to sign in to any online accounts in public.
Secondly, avoid public Wi-Fi, as it’s surprisingly easy for hackers to intercept your connection and collect all the data. A better option is to use a private hotspot from your phone.
If you must use Wi-Fi, consider a VPN, which encrypts the data you send and masks your location. For any site, but especially when logging in or entering credit card data, always check for an HTTPS connection (often represented by a green padlock symbol).
10. Pay Careful Attention to Security Alert Emails
Email can be one of the best safeguards for your social media accounts.
Notifications of failed login attempts or changes to your password could be a warning sign of a hacking attempt. Add two-factor authentication if you haven’t already, and consider changing your password.
But you should also scrutinize the emails themselves, as fake security alerts are a common phishing scam.
Phishing uses pretend authority to trick you into sharing personal data. Let’s say you get a warning email with a button or QR code to log in to Instagram. The button takes you to a site that looks exactly like the Instagram login page—but when you type in your password, it goes straight to a hacker.
To protect yourself from phishing, always verify that emails are from who they claim to be from. Misspelled sender names (like “Instagram”) are easy to fake, so look at the email address. It should come from the official website, like “firstname.lastname@example.org.”
If you’re still unsure, the safest option would be to visit Instagram.com directly to resolve any issues.
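The sender check described above, as an added example that is not part of the original article: it ignores the display name and compares the domain of the actual address against an allowlist. The allowlist entry and the sample headers are constructed assumptions for illustration.

```python
from email.utils import parseaddr

# Assumption for illustration: the domain the real service sends mail from.
OFFICIAL_DOMAINS = {"instagram.com"}


def sender_domain(from_header: str):
    """Return the lower-cased domain of the address, ignoring the name."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return None  # no usable address at all
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return domain or None


def is_official_sender(from_header: str, official=OFFICIAL_DOMAINS) -> bool:
    """True only if the domain is an official one or a subdomain of it."""
    domain = sender_domain(from_header)
    if domain is None:
        return False
    # Match on a label boundary, so a domain that merely starts or ends
    # with the official name (without the separating dot) fails.
    return any(domain == d or domain.endswith("." + d) for d in official)


# Constructed sample From: headers; every display name says "Instagram".
SAMPLES = [
    "Instagram <security@mail.instagram.com>",
    "Instagram <no-reply@instagram.com.account-check.example>",
    "Instagram <alerts@lnstagram.example>",
    "Instagram Support",
]


def suspicious(headers):
    """Headers whose address does not belong to an official domain."""
    return [h for h in headers if not is_official_sender(h)]


if __name__ == "__main__":
    for header in suspicious(SAMPLES):
        print("do not trust:", header)
```

A matching domain is necessary but not sufficient, because the From header itself can be forged; mail providers rely on SPF, DKIM, and DMARC to catch that, which is why going to the site directly remains the safest option.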
11. Delete Expired Social Media Accounts
We all have online accounts we never use—will you or anyone you know even notice if you delete your old MySpace site?
Every social networking site you keep open is an extra window of vulnerability. Delete unused accounts and think carefully before signing up for new accounts.
If you’re a member of social sites you don’t use often but don’t want to delete, make sure you have a secure password and two-factor authentication for them. You can also improve security by logging out of the site on your devices and deleting the app from your phone. It’s one less vulnerability if someone accesses your device.
12. Don't Ignore Software Updates
Some social media attacks work because they exploit bugs in your computer, phone, or tablet. You can protect yourself from these types of cyber attacks by updating to the most recent software, which has stronger code and fewer bugs.
Update your operating system, like macOS or Windows, as well as your browser, like Chrome or Safari.
For additional protection, you can also use antivirus and anti-malware software.
Recent Social Media Data Breaches: Were You Affected?
Even if you do your best to keep your social media accounts secure and private, hackers and scammers find ways to access your personal information. In recent years, social media sites have become targets for hackers who want to leak your information in data breaches and even sell it on the Dark Web.
Here are some of the most recent social media data breaches:
- Twitch (October 2021): Almost the entire Twitch source code was leaked online, including information on its 7 million users [*].
- LinkedIn (June 2021): Data associated with 700 million LinkedIn users was posted for sale on a Dark Web forum, including email addresses, location, phone numbers, and other social media accounts and details [*].
- Facebook (April 2019 - leaked online in April 2021): Over 550 million Facebook users had their data published online, including Facebook IDs, names, dates of birth, locations, and relationship statuses [*].
- Twitter (May 2018): Passwords for all 330 million Twitter users were leaked online. The company didn't confirm how the data became public, only that the passwords had been exposed for several months [*].
- Quora (December 2018): Data from up to 100 million Quora users was leaked, including email addresses, names, encrypted passwords, and other user accounts linked to Quora [*].
- Tumblr (February 2013): One of the earliest social media data breaches, the Tumblr breach exposed email addresses and passwords for 66 million users [*].
The Bottom Line: Protecting Yourself on Social Media
With social media, security is in your hands. Luckily, you don’t have to choose whether you’d rather have an account with plenty of connections—lots of friends, sharing, and information—or one with more protection.
Your online safety is a serious matter. Take action and improve the security of your social media accounts today.