Social media gets blamed for a lot of things: spreading gossip, fostering hysteria, targeting fraud victims, catfishing, and even burglary. Some of those risks have been overstated, even sensationalized, but all of those social media-related crimes have occurred. Of more direct concern for business is the undeniable connection between the rise of social media and cybercrime.
With the multiplication of social media platforms, many more doors have opened to attackers. Social media platforms are rich repositories of valuable personal data, putting them squarely in the bullseye of hackers' interests. A successful breach of a social media site that stores its data in unencrypted form is, next to a breach of government records, the most devastating form of dox there is. Just ask the former customers of Ashley Madison.
Here’s a breakdown of some of the most notable social media hacks over time:
AOL Hack: August 2006
The AOL hack was one of the first hacks that was widely known in the non-technical community, since it targeted largely the non-technical users of AOL's gated internet community. Prior to this the general public had not realized that it, too, was vulnerable to, and a target of, hackers. The hack itself was a phishing attack which obtained information from over 650,000 users. The data released by the hackers included Social Security numbers and credit card details.
Second Life Hack: September 2006
When the virtual world Second Life was attacked, the hacker made off with unencrypted usernames, real names, and real contact information such as email addresses, and encrypted data including payment information and account passwords.
Mark Zuckerberg's Facebook Account Hacked: January and December 2011
It was a great victory for Schadenfreude, if not for security, when Facebook kingpin Mark Zuckerberg's Facebook profile was hacked. This one was quickly buried, but it appears that at some point in January, a hacker accessed the Facebook founder's personal account and made a splash on a Zuckerberg fan page, suggesting that Facebook would give up money and turn itself into a not-for-profit.
In December of the same year, a security researcher demonstrated a flaw in Facebook's security by exposing Zuckerberg's personal and private photos. That got the flaw fixed promptly, although the researcher lost a claim to Facebook's generous bug bounty by going public.
PlayStation Outage: April 2011
This massive 2-day attack knocked the normally robust and immense PlayStation Network offline for 23 days. It compromised the security of 77 million account holders, exposing names and addresses, among other details.
LinkedIn Hack: June 2012
As the default professional networking site on the internet, LinkedIn occupies a place of prestige and influence. Unfortunately for more than six million users, its security proved not to be up to the same standards. User password hashes were stolen and leaked to the internet. Because LinkedIn was hashing the passwords with the SHA-1 algorithm and not salting them, they were easily cracked. Remember this hack; we're going to come back to it.
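Why the missing salt mattered, shown as an added example (not LinkedIn's code or anything from the original article): with bare SHA-1, every account that uses the same password stores the same hash, while a per-user salt and a slow key-derivation function make each record unique. The user names, passwords and the PBKDF2 iteration count below are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample data: three hypothetical users, two sharing a password.
USERS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "S3parate!pass"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_sha1(password):
    """The weak scheme the article describes: a bare, unsalted SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, expected)


def shared_hashes(records):
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(records.values()).values() if n > 1)


def compare_schemes():
    """Return (shared values under unsalted SHA-1, shared values when salted)."""
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    strong = {user: hash_password(pw)[1] for user, pw in USERS.items()}
    # Unsalted: equal passwords collapse to one hash, so a single guess or
    # precomputed table entry covers every account that reused the password.
    # Salted: every record is unique, so each account costs separate work.
    return shared_hashes(weak), shared_hashes(strong)


if __name__ == "__main__":
    print(compare_schemes())
```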
Twitter Tug-of-War: 2012–2013
Thanks in part to the rise of underage hacker crew UGNazi and the Syrian Electronic Army, 2012–2013 saw a solid two years of Twitter takeovers. Trolls from prankster collective Rustle League indirectly seized control of the hugely influential @YourAnonNews account. Social engineering, phishing, and informed password guessing were the primary vectors of attack.
The attacks were mortifying to the high-profile targets, which included Time, the Associated Press, and Mat Honan, a senior writer at Wired. The Syrian Electronic Army extorted an apology from internet news site The Daily Dot for an unflattering depiction of President Bashar Assad. Accounts were returned to their original owners by Twitter support within days or weeks.
Ashley Madison Hack: July 2015
It's every cheater's nightmare: your dirty laundry, out there for the world to see. When extramarital dating site and escort fishing ground Ashley Madison was hacked by "The Impact Team," its users were slower than usual to protest, hoping that keeping their heads down would improve their chances of invisibility. But particularly for high profile users, it was not to be.
LinkedIn Hack II: May 2016
We told you we'd come back to this one. The original hack, in 2012, released over 6 million SHA-1 hashed passwords of LinkedIn users. Now the other shoe has dropped, and an additional 178 million hashed passwords have been released.
(Yes, it's time to change yours.)