Please fill in the form below to subscribe to our blog

3 Ways That Social Media is a Data Breach Risk – and How to Fight Back

September 14, 2020
social media is a data breach risk represented by a phone schowing social media icons

Is social media a data breach risk? It can be. Here’s how social media is putting your data and systems at risk, and how to mitigate it.  


Today, social media has many business uses: it’s is a common way for companies to market products and events, to keep abreast of industry and societal trends, and an essential tool for prospecting and recruiting. Add in the increasingly blurry line between work and home devices, and the rise of remote work culture, and it becomes clear that it’s not feasible for companies to try to protect themselves from danger by banning social media at work. However, social media is a data breach risk that companies need to take action to mitigate – and we can help with that. 


Massive amounts of social media data have been exposed on the Dark Web 


One risk is that huge amounts of data has been gathered and leaked on the Dark Web about social media users, and that can spell trouble for data security. In one breach earlier this year, a social media data broker exposed the public-facing profiles of 235 million users, 92 million profiles were scraped from Instagram, 42 million from TikTok and four million from YouTube via a misconfigured online database. That data almost inevitably ends up on the Dark Web, powering cybercrime like password cracking, credential stuffing, and phishing.  


Fight back with Dark Web ID 


Monitoring the Dark Web for suspicious activity that compromises employee credentials is vital to ensure that your company is not exposed to unexpected risk – especially when it comes to privileged executive and administrator credentials. Dark Web ID uses human and machine intelligence to monitor the Dark Web 24/7/365 for your employee credentials and alerts you if they appear in Dark Web markets.  


Phishing is today’s biggest threat and it’s not just being delivered via email attachment anymore


Cybercriminals are always looking for new ways to meet their prey where they are to facilitate phishing attacks – and these days, that’s frequently on messaging apps. Look at recent reports on phishing activity by nation-state hackers, like this warning of a hacking group with ties to the Iranian government using LinkedIn and WhatsApp messages to contact potential victims in order to build trust and persuade them to visit a phishing page.  


Fight back with BullPhish ID 


Phishing resistance training with BullPhish ID makes employees more aware of potential phishing attempts, increasing security. The premade, plug-and-play phishing campaign simulation kits allow you to conduct training quickly and easily, using compelling video lessons and online testing to see who needs more help. With more than 80 kits available and 4 new kits added every month, your staffers will stay informed about current phishing threats and be on the lookout for cybercrime.  


Impersonation enabled password theft is becoming easier for cybercriminals 


One increasingly common way for cybercriminals to steal passwords or gain access to systems and data is through impersonation – that’s exactly what happened in the recent Twitter hack. Especially in larger companies, you don’t need much information to fool someone into thinking that you’re a contractor who just lost your password. Password theft by spear phishing is a growing threat too. Data breaches from brands and influencers empower carefully targeted spear phishing against their fans by making attempts seem legitimate with personalized details. Data breaches like the 350K social media influencer accounts that were exposed by Israeli firm Preen Me increase that risk daily. 


Fight back with Passly 


Eliminate the power of a stolen password with secure identity and access management when you add Passly to your cybersecurity arsenal. Multifactor authentication throws up a roadblock that stops stolen passwords cold by requiring a second form of identification, like a numeric code that is delivered to the real owner of that password through an app, preventing a phished password from opening the door to your data. It also provides an efficient barrier against credential stuffing attacks.


Take action now to prevent a data breach


Our suite of digital risk protection solutions can help combat the risk of a data breach through social media enabled cybercrime. As it becomes increasingly more common for social media to be used or business, it will become increasingly more common for cybercriminals to use social media in their attacks. Taking action now to combat potential risks can prevent social media from being a source of trouble for your business.