It’s an almost daily occurrence, seeing strange messages or marketing rubbish appearing in the social media timelines of those to whom we are connected, knowing full well it is not they who have posted it.
It can be a heart-stopping moment for the victims as they realise they will be seen as the polluter of other people’s news feeds, particularly if the account in question is a business one.
Pretty quickly someone will usually take the time to post them a direct message or comment pointing out this invasion of their social media identity and probably telling them that they have been ‘hacked’. Leaving aside the fact that the correct term for such online break-ins is ‘cracking’, not ‘hacking’, there is a distinct probability that it is not the individual’s account which has been compromised, but more likely a service to which they are subscribed. It is a distinction worth understanding and which could save you future grief of this nature.
We all sign up for a plethora of competing third-party services these days, sometimes almost without thinking or even realising it. Photo-sharing apps, link shorteners, blogging services, they all seem to demand your Twitter and/or Facebook log-in. Indeed, depending on what they are designed to do, some would be unusable without supplying those particular details.
That’s all well and good, but in the rather fast-paced world of internet development, many of those services will have a tendency to atrophy over time. Some of them you’ll forget you even subscribed to, as the next, improved contender comes along.
Even the ones you carry on using might remain almost hobby operations, started by well-meaning founders but never developed into the kind of enterprise that deploys enterprise-standard security; and that’s where the problem lies.
Because they’re not secure enough, they can get cracked by crackers (not hacked by hackers – hacking is actually a positive term denoting hard work on software development. But I digress . . .). Alternatively, the defunct service could be sold or passed on by the original developer, because those log-ins (your log-in credentials) have a value. That’s when they can start being put to nefarious uses.
While the whole concept of having your account attacked feels quite sinister, in by far the majority of cases it’s not a personal attack for which you have been singled out, but a blunt instrument that has probably been applied to tens of thousands of accounts at the same time. In this scenario it’s extremely unlikely that someone has cracked your personal password. That said, if this kind of thing happens to you, you should always change your password for the affected service, in case someone has got hold of an unencrypted password file for everyone’s account.
What can you do to stop it happening? While you can’t eliminate the risk altogether, a semi-regular audit of who you’ve given access to your social media accounts is always advisable. Visit your account settings and look for the list of services allowed to connect. You might be surprised how many there are and how many you no longer use.
It’s a very simple thing to do, but it could just stop your friends and acquaintances from assuming you have made a career change into the Viagra retailing business!