Protect sensitive information in the use of social media and beware of potential cyber attacks arising from data leakages

Date : 18-January-2022

Organisation : Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

Writer : Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

 

The security risk of placing personal information on social media platforms came into focus once again after reports of serious data leakages at three of the world’s biggest operators in early April 2021:

  • Data of 533 million Facebook users were exposed publicly[1];
  • Data of 500 million LinkedIn users were scraped and sold online[2]; and
  • Data of 1.3 million Clubhouse users were leaked in a hacker forum[3].

These incidents have made social media platform operators step up their security defence against data leakages. At the same time, users should act to safeguard sensitive data in their social media accounts and stay vigilant against potential cyber attacks launched using leaked personal data.

 

Cyber Attacks Arising from the Personal Data Leakages

Hackers could use the leaked data for various cyber attacks. For example, they could launch phishing and other social engineering attacks by spoofing the email addresses and phone numbers of the users. By impersonating their victims, the hackers could take advantage of the trust of those close to the victims, such as family members, friends and co-workers, to engineer more attacks. Also, they could collect leaked data at scale from different data breaches to launch sophisticated and targeted attacks against an individual or an organisation.

 

Self-checking if Involved in Data Breaches

Since 2013, Internet users have been able to use a free self-checking online tool, Have I Been Pwned (https://haveibeenpwned.com), to check whether their personal information has been leaked in various data breaches. The tool has recently been updated to allow checking against the leaked data from the above-mentioned Facebook incident.

If users find themselves victims of data breach incidents, they should stay calm and follow the security tips and advice in the following sections to enhance the security protection of their online accounts and data, and their defence against cyber attacks.

 

Keep Eyes on Privacy Settings and Security Features

Users should carefully review and control the information that is publicly viewable on social media platforms. Sensitive personal information, such as ID number, residential address, phone numbers and financial information, should be kept private. Users should:

  1. Make good use of the privacy settings of social media tools to fine-tune permissions and control with whom they intend to share;
  2. Review the data shared online regularly and remove it if no longer necessary; and
  3. Customise the privacy settings with reference to the official guideline pages.

 

Advice on Authenticating Third-Party Apps Using Social Media Accounts

Many third-party apps have integrated single sign-on authentication with social media accounts to enhance the user experience. Users can log in to a social media account and then authenticate to multiple online services without needing to remember a different username and password for each service.

However, if such key social media accounts are compromised, the associated third-party apps would also be affected. For this reason, users must apply more secure means of authentication for their social media accounts, conduct regular reviews of the allowed third-party applications and take action to remove apps that are no longer in use. Users should also fine-tune the type of information to be shared with third-party applications with reference to the official guidelines of social media outlets.

 

Tips to Practise Good Cyber Hygiene

Besides securing social media account settings, practising good cyber hygiene is equally important. Users can refer to the following tips to strengthen their defence against cyber attacks.

  1. Harden your account privacy settings to reduce the amount of personal data exposed;
  2. Change the password regularly and enable 2-factor authentication to minimise the risk of account compromise;
  3. Remove any online services which do not require the social media single sign-on feature;
  4. Keep the mobile apps up-to-date to protect the data;
  5. Review login history regularly for any abnormal activities;
  6. Beware of suspicious phone calls and instant messaging scams, and do not click any suspicious link or attachment in emails or instant messages; and
  7. Upon receipt of a security warning, check the status of your account and change your password promptly.

Recently, the Office of the Privacy Commissioner for Personal Data (PCPD) has released the “Guidance on Protecting Personal Data Privacy in the Use of Social Media and Instant Messaging Apps”. In it, users can find a comparison of, and privacy settings guidelines for, different major social media platforms and mobile devices.

All in all, cyber attacks such as phishing campaigns are set to increase, which will result in more data breaches. Users should stay vigilant and secure their online accounts to minimise the security risk by following the above tips and advice, so as to reduce the impact of data leakages and cyber attacks.

 

References:

[1] https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/
[2] https://news.linkedin.com/2021/april/an-update-from-linkedin
[3] https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/
