Over 10 billion records leaked in 2019. That's a 54% increase from 2018. Over 4 billion consumer and individual records were compromised. These numbers mean that every year thousands of people will get hacked on various social media accounts. 

The importance of online security is often underestimated, when it should really be a high priority. And that is a huge mistake. If I could give you one unsolicited piece of advice for 2020, that is to invest some time and energy into your online security and keep your private data safe.

If you want more advice from us this year, subscribe to our newsletter below.

What Happens When Your Account Is Hijacked

Although it sounds illogical, you might not recognize a hacked account at all. It works as usual, but could be abused in many ways for different activities. The most common ways accounts are misused are listed below.

Spam Posts and Links

Posting spam content is very common for hijacked accounts. In this case, your account is misused in order to post any kind of content. Your friends could take this content seriously and follow its message or click the link. It usually leads to some kind of scam website.

Likes and Shares

Your account could be used for liking and sharing defective content. This puts your friends at risk and this activity is done under your name.

Fake Promotions, Discounts or Giveaways

Sharing fake promotions, ridiculously great discounts or even free giveaways could cause your friends to put their credit card details somewhere and ultimately get scammed. 

Private Messages with Sketchy People

Private messages could be sent to your friends under your name. For them it looks totally normal. But a hacker could ask them for a loan and this could lead to a more serious problem.

How to Protect Your Accounts

Strong Passwords

The first thing you hear when it comes to online security is “Set a strong password!” Okay, it's legit advice, but it's not always enough. Don't get me wrong, you should definitely use strong passwords.

What Should a Strong Password Contain

• lowercase letters
• uppercase letters
• a special character
• digits
• a minimum of 12 characters, and ideally, 16 or even more

The more conditions you meet, the more combinations your password will have. It's more durable against brute-force attacks. Anyway, this is only one option to protect your login credentials.

Passwords like JohnDoe1, PurpleMug or Password1234 are easily memorable for you and have millions of combinations. Despite the fact that it contains lowercase letters, uppercase letters and numbers, these passwords are predictable.

The problem is that on the internet, there are databases of common password combinations and attackers are trying these first, so you are not safe with these combinations.

Use unique passwords for different accounts.

Data breaches and compromised usernames or passwords in today's world are usually not your fault. Oftentimes, individual service providers insufficiently secure their servers, so hackers break through their security protection and that's how data gets leaked.

If this happens, the database with your username and password is available for anyone to buy. If you are using the same password across services, anyone could potentially gain access to your other accounts.

In this case, you should create different passwords for all the services and accounts that you are using. Perhaps, that seems unrealistic. This is why you should use a unique password for every app.

Has Your Password Been Compromised?

If your password is compromised, it doesn't usually mean that someone immediately logged in and hijacked your account. To find out if your credentials were compromised, you have to stay informed. 

The best way to learn about password leaks is to check your e-mail address in databases like Avast Hack Check or Have I Been Pwned?. These web services regularly monitor password leaks. You can search your e-mail in the database and see if any part of your account was compromised.

Never put your password in a similar online tool.

Sharing Passwords

Sharing passwords between colleagues is pretty common. According to Survey Monkey research up to 34% of the 1,507 U.S. adults they surveyed said that they share login credentials across their company.

That's usually due to collaboration with teammates, cost reduction, or because of a company's procedure.

These reasons are understandable, but quite risky. Even if your computer is well-secured and you act responsibly, can you say the same about your colleagues? It doesn't have to be because they are irresponsible, but they can make a mistake and your credentials could be compromised.

Instead of sharing passwords, consider using special tools for that. You can try Dashlane, LastPass or Onelogin to securely share passwords across a team. It even allows you to get access to any account temporarily without sharing login credentials. The password itself is hidden, but they can still log in to shared accounts.

Password Managers

That brings us to a chapter about password managers. These tools are a solution for securely saving and generating new passwords so you don't have to remember them all. Thanks to password managers you don't have to remember dozens or even hundreds of passwords, because the app does it for you.

There is a large selection of password managers on the market. According to CNET recommendation, LastPass is currently the best free-to-use manager, while 1Password is the best subscription password manager.

Other options to consider are Dashlane, Keeper, KeePassXC for use across platforms, or Apple Keychain, if you are in the Apple ecosystem.

When Should You Change a Password?

Many people and companies say that you should change your password every 1-3 months. In reality, there is no need to do it regularly. You should change your password when it comes to a data breach from some service you are using. This happens pretty often, so you should stay informed and take action immediately.‍

2-Factor Authentication

Also known under the shortcut 2FA, is a security process, in which the user provides two different authentication factors to verify themselves in order to better protect both the user's credentials and the resources the user can access.

In other words, it's that SMS or displayed number on another device, that you have to retype when signing-in to some apps.

It helps to protect your account in case someone discovers your password and tries to sign in, because it requires unique information (usually a number or on-tap confirmation) on another device.

How to Use 2FA

Using two-step verification isn't too difficult. Many apps and services now support this. Just go to your Settings and find an option to turn it on.

• 2FA on LinkedIn
• 2FA on Facebook
• 2FA on Twitter

Security Tips

To stay secure, as much as possible, follow the next security tips.

Use a Unique E-mail for Your Social Media Account

The biggest problem of today, are login credential breaches. When this happens, and it happens very often, your e-mail address and password become public. To minimize the risk of abuse, use unique e-mail addresses for different accounts.

If you are using Gmail or G Suite, you are given two options on how to “hide” your real e-mail address.

Use Dots .

Put dots somewhere in your name. For Google, it will still be the same address and the message will be delivered to your main inbox.
nameseurename@groost.com = name.surename@groost.com

Use Plus +

Put the character “+” at the end of your name before “@” and add some random words. The message will still get delivered to your inbox.
namesurname@groost.com = namesurname+test@groost.com 

Update Mobile Apps

Be sure you are using up-to-date apps. Every app has security holes and developers try to fix them regularly. When they submit an update to Apple App Store or Google Play, they also publish a list of bugs in a recent version of the app they are updating. It means that you are using an app with security issues, that are publicly known.

Don't Use 3rd Party Apps

Use only official apps for accessing your social media profiles. There are dozens of unofficial clients promising better features or interfaces. I will give you 2 pretty common examples.

Instagram has an app, that doesn't support a big screen on an iPad. Its app looks like an enlarged iPhone app and even the keyboard acts like an iPhone. Using Instagram on an iPad is really uncomfortable.

WhatsApp doesn't even allow you to install an app on iPad, despite the fact that typing texts would be much more pleasant on a big screen. 

These obvious reasons often lead to some people using 3rd party apps. It is a huge security risk, because by using these apps you are providing your sign-in credentials to someone else and you have absolutely no control over it.

Would you give your house keys to some stranger you just met?

Don't Click Shortened Links

An inconspicuous threat is hidden in shortened links. You have probably received something like this in email or message –  http://bit.ly/38guVzt. It's a pretty common link, but you can't recognize where it will take you. 

To see what is hidden under this link and stay safe, use GetLinkInfo, which gives you information about a link before visiting it.

Log Out of Devices

Some services allow you to log out remotely from other devices you are currently logged in to. It's a sign that the company takes security seriously.

If you are using multiple devices or using someone else's device to log in to your account, be sure that you logged out of that device and didn't save the username and password. Then, log in to your account on the device you are currently using and force sign outs from other accounts.

Here are links for Facebook, Twitter and Google. For other accounts, just navigate to the Settings or Google it.

Apps Having Access to Your Social Media Accounts

You have probably seen it. Sign in with Facebook or Google. Or even other accounts. Well, it is a handy way to log in. But a lesser known side effect is, that the button-providers and the service you logged in to are sharing your private data between themselves.

My advice would be “Don't use it, unless you see Sign in with Apple”.  Regardless, it's your decision, but be careful as to which apps have access to your social profiles.

To find out which apps have access and to eventually revoke it, go to Settings.

• Settings for Facebook
• Settings for Twitter‍
• Settings for Instagram

Use HTTPS URLs

Always check your URLs. A URL has to contain HTTPS instead of HTTP.  All of today's social networks use this and should automatically redirect to the correct URL. In the case that you do use a login page with just HTTP, your login credentials might be compromised, because data transfer to servers are not encrypted. It's hazardous, especially if you are connected to public Wi-Fi.

Use a VPN

If you often connect to any web service on public Wi-Fi's such as in hotels, airports, airplanes, coffee shops etc., you should use a VPN. It will protect you from local network attacks and keep your data private. Without using a VPN, even strong passwords can be compromised.

There are many solutions on the market. Pick one that will work best for you. This guide from Tom could help you.

Check browser extensions

Browser extensions add much more functionality to your internet browser. That's great, unless you discover fraudulent plugins, that can steal your data or misuse your computer.

Be very careful about this and pick only trusted ones. Also, check previously installed extensions and delete all of those you are not already using or that seem suspicious.

• Chrome – copy chrome://extensions/ to address line
• Brave – copy brave://extensions/ to address line
• Safari – navigate to Safari - Preferences - Extensions (or see this article)
• Firefox – see this article

Don't Save Passwords to Your Computer

Browsers offer the option to save passwords when signing up or signing in. Sure, it simplifies the sign-in process for the future, but it's a security risk. They can easily be compromised, especially in case someone steals your computer.

📖 To deep-dive into this problem, read this article.

What To Do, If You Have Been Hacked?

I don't want to scare you, but it might happen. It has probably already happened to you. The good thing is, that most credentials are encrypted, so that your password isn't visible to anyone. For now. With increasing computing power, it is only a matter of time before someone breaks the encryption.

If You Can Log In to Your Account

In case you still have access to your account, follow these steps:

• Sign in
• Log out from other devices remotely
  (Facebook, Twitter and Google. For other accounts just navigate to the Settings or Google it)
• Change your password

If You Can't Log In to Your Account

If you don't have access to your account, try to reset your password. If this doesn't work, follow the instructions provided by the service.

• Facebook
• Instagram
• Twitter
• For other services, try to Google it

There is always a chance that your account will be compromised. I hope this guide helped you to understand how vulnerable your online accounts can be and showed you steps to secure them and better protect your data. 🙂