9.2. Security

While we have our concerns about the privacy of our information, we often share it with social media platforms under the understanding that they will hold that information securely. But social media companies often fail at keeping our information secure.

For example, the proper security practice for storing user passwords is to use a special individual encryption process for each individual password. This way the database can only confirm that a password was the right one, but it can’t independently look up what the password is or even tell if two people used the same password. Therefore if someone had access to the database, the only way to figure out the right password is to use “brute force,” that is, keep guessing passwords until they guess the right one (and each guess takes a lot of time).

But while that is the proper security for storing passwords. So for example, Facebook stored millions of Instagram passwords in plain text, meaning the passwords weren’t encrypted and anyone with access to the database could simply read everyone’s passwords. And Adobe encrypted their passwords improperly and then hackers leaked their password database of 153 million users.

From a security perspective there are many risks that a company faces, such as:

• Employees at the company misusing their access, like Facebook employees using their database permissions to stalk women

• Hackers finding a vulnerability and inserting, modifying, or downloading information. For example:

  • hackers stealing the names, Social Security numbers, and birthdates of 143 million Americans from Equifax

  • hackers posting publicly the phone numbers, names, locations, and some email addresses of 530 million Facebook users, or about 7% of all people on Earth

Hacking attempts can be made on individuals, whether because the individual is the goal target, or because the individual works at a company which is the target. Hackers can target individuals with attacks like:

• Password reuse attacks, where if they find out your password from one site, they try that password on many other sites

• Hackers tricking a computer into thinking they are another site, for example:

  • the US NSA impersonated Google

• Social engineering, where they try to gain access to information or locations by tricking people. For example:

  • Phishing attacks, where they make a fake version of a website or app and try to get you to enter your information or password into it. Some people have made malicious QR codes to take you to a phishing site.

  • Many of the actions done by the con-man Frank Abagnale, which were portrayed in the movie Catch Me If You Can

One of the things you can do as an individual to better protect yourself against hacking is to enable 2-factor authentication on your accounts.