We all assume that with every login to our favorite social platform, all our data will be there just as we left it the day before. What could possibly happen overnight? What could happen over a week or more?
Well, quite a lot actually. Big social platforms have even bigger servers and tons of money, but hackers are only getting better.
Circumstances change. Companies get acquired. Terms of service change. There is not much you can do about it, except always be prepared for the worst.
Sponsored by VB
Here are some of the main reasons why you should never take social networks for granted:
1. No one is “unhackable.”
Twitter: Yesterday, Twitter admitted 250,000 user accounts had been compromised. This is just the latest of several reports of Twitter being hacked. One of the most prominent previous hacks was of the Huffington Post account.
LinkedIn: In June 2012, a file containing 6.5 million passwords appeared in an online forum based in Russia.
Foursquare: One of the most famous incidents of Foursquare hacking was the story of Ashton Kutcher’s account being taken over by a not-so-smart hacker, who then tweeted location of Kutcher’s alleged love interest. Fortunately, the hacker was dumb enough to get caught in the act by revealing his own location, but the account was compromised nevertheless.
Flickr: This service is undoubtedly one of the best photo-sharing sites on the web. Even with growing competition, Flickr is still preferred by professionals and other photography fans. There are not many disastrous exploits to recount, but losing an account here, should it ever happen to you, can be one the most devastating of all social media loses. We collect priceless moments that are one of a kind and have the ability to store them in high resolution for a small amount of money per year. There are known cases of deletion, even when it comes to paid accounts.
2. Social networks come and go.
Google Wave: Remember this over-hyped social tool? The platform was unveiled in May 2009 to an eagerly awaiting group of developers at Google I/O in San Francisco. Google stopped further development on Wave in August 2010.
DailyBooth: The photoblogging website was designed to let users take a photo of themselves every day with a caption, in order to document and share their life with others. In August 2009, the site was reported to have over 3 million unique visitors a month with a growth rate of about 35% a month. On 11 November 2012, it was announced that the site would be closing down on 14 November. On 31st December, the site was deleted completely.
Friendster: This pioneer among social networks first launched in 2002 and attracted tens of millions of users over the years. It raised close to $50 million in venture capital and in 2009 was acquired by MOL Global for a reported $40 million. Following such an amazing start, it came as a surprise that in May 2011 Friendster has shut its doors and access to the data stored on its servers.
Gowalla: This location-based social network launched in 2007 and closed in 2012. As of November 2010, there were approximately 600,000 users. It was acquired by Facebook on December 2011. On March 10, 2012, Gowalla announced it would cease operation and users would be able to download their photos, checkins, and lists “soon.” However, this seems to have fallen through, as the site was made unavailable before these histories could be downloaded.
3. Social media sites are not backup systems.
Following the leak of LinkedIn passwords, the company admitted its protective measures weren’t good enough. The poster child of all hacks last year, Mat Honan, senior writer for Wired, blamed Apple and Amazon for not protecting his data well enough.
We can get angry and defensive, but the prime role of social media is not protecting our data (although we would hope this should be their priority, and they owe it to the users). Rather, these networks exist to keep us connected.
In most terms of service, the platforms inform you that in case of loss of your data, they are not responsible:
“ We do our best to keep Facebook safe, but we cannot guarantee it.”
“Some of Flickr APIs may be experimental and not tested in any manner. Flickr does not represent or warrant that any Flickr APIs are free of inaccuracies, errors, bugs, or interruptions, or are reliable, accurate, complete, or otherwise valid.”
“Twitter will not be responsible or liable for any use of your Content by Twitter.”
“Vimeo shall not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data or other intangible losses.”
In all cases, we use platforms at our own risk and should take the worst-case scenarios into consideration.
4. Your account can be suspended or terminated for any reason without notice.
Chris Leydon of Keynote Productions knows this too well: “Emails to Facebook’s ‘My Account Has Been Disabled’ team didn’t prove much help either, reiterating the points on their FAQ page and saying that their decision is final.”
Lately, the issue of suspending Facebook and Instagram accounts has been in the spotlight due to controversial move from the social giant to lock a large number of accounts until users identify themselves. This is yet another step Facebook taken to reduce the growing number of spam accounts on the site.
Also, networks can and might delete your account after an extended period of inactivity on your part.
5. Even if the terms of service are great now, they can change drastically when the company gets acquired.
What’s more, the reason behind the acquisition can be getting rid of a competitor, in which case, the new owner may not always respect the wishes of the previous one (see: Gowalla, Instagram).
6. Password cracking has gotten better.
Graphic processors allow password-cracking programs to work thousands of times faster than they did just a decade ago.
The LinkedIn breach (mentioned above) should by now make us realize that relying on traditional passwords isn’t enough anymore. Investigation-management software provider I-sight provides the following note on how easy it is to crack your password:
7. Hackers got better, and passwords got worse.
Every time a password breach comes to light, hackers learn more about the way we think. The ever-growing access to leaked password lists allows thieves to write algorithms to make cracking passwords faster and more accurate.
Even not-so-experienced programmers are often capable of conducting a hack on a small scale. We are responsible for making this fairly easy, since a large number of us still uses very basic passwords even though we realize the repercussions and how much is at stake.
How many of you are currently using two-tier authentication, given an option by service provider? It takes time, and it’s just as annoying as filling in captcha every time we set up new profile somewhere, but we don’t do it. Has anyone ever said, “I regret using two-tiered authentication” when there is a public leakage of passwords, and they are one of the very few people unaffected?
According to Microsoft research, “The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them.”
We don’t tend to commit to much brain space to storing more than seven different password combinations. Most of the time when a major breach is unveiled, we discover that “123456” is still a popular choice.
Most of us don’t realize how much easier we are making hackers’ jobs when we are lax about our own passwords. Please bear in mind the time required will only be getting shorter as technology moves forward.
Putting doom and gloom aside, what can be done about it all?
Follow your favorite network’s updates via Twitter and Facebook. Should there ever be plans to shut down the service and make some colossal changes, you will be informed and will likely have enough time to move your important data elsewhere.
Use strong passwords. One website offers some guidelines:
You can also use password management software such as 1Password.
Make sure you adhere to the guidelines of the network and that you are not abusive or behaving in a harassing manner. That kind of behavior can get you suspended or in some cases blocked.
Have your social media data backed up. The content of your Facebook or LinkedIn accounts can be worth more than the documents you are backing up on your hard drive. Social account data needs to be secured as often or more often than your data stored elsewhere.
Considering all the above, we should realize that there is no guarantee our data is secure or that it will be there when we next log in. Since our social networks online are so important to us, let’s make sure we protect them the best we can.
We can only do so much when it comes to improving our security on social media platforms, but what we do have influence over is having a backup of our social life tucked safely away somewhere else.
Maggie Foggin is co-founder of online backup service Frostbox.
Photo credit: captain simon’s mandolin
VB’s research team is studying mobile user acquisition... Chime in here, and we’ll share the results.