Social Media and Security
June 7, 2012 9:43:34 AM PDT
As many of you have probably noticed today, it looks like millions of hashed passwords from LinkedIn have been leaked and posted. While details of the compromise are still being investigated, LinkedIn has confirmed that at least some of these passwords do correspond to LinkedIn accounts. If you use LinkedIn, now would be a good time to change your LinkedIn password, as well as the password on any other accounts that may share it, especially those at UCSD. Once LinkedIn determines the cause of the breach and fixes it, you should be prepared to change your password again.
This is a good reminder to use different passwords for different accounts, especially work and banking accounts. Don't underestimate the value of your e-mail account, as password reset links for banking and other high-value accounts are often sent to the e-mail address on record.
From posting reviews to keeping in touch with family, social media can enhance our lives. However, it also poses security risks that are uniquely its own. To help ensure your and your family's safety, we recommend the following security guidelines when using social media.
Never post information that you wouldn't share with a criminal.
From a social perspective, you should post like your mom or your boss is reading over your shoulder. From a security perspective, you should post like a criminal, thief, or stalker is watching.
In the good old days, you would never leave an answering machine message saying that you were out of town and your house would be empty for the next week, but people frequently post when they’re out of town. When in doubt, consider what someone with malicious intentions could do with the information you’re disclosing.
This also means you should not post personal information such as your address or phone number. Consider removing contact information from your account. Anyone who should have your contact information probably doesn't need to go to Facebook to find out your phone number or email address.
Use a different password.
First, you should always use a strong password, especially on social media sites, where high traffic makes them very appealing to hackers. In addition, make sure the password you’re using is unique and you're not using it for other websites. Why? You want to limit security breaches. By using an identical password, you’ve made it easier for hackers to access your personal information, because once they’ve figured out your single password they can access all of your accounts. If someone hacks your Facebook account, you don't want them to also be able to gain bank account information or any other personal information.
Limit permissions but don't trust those limits.
Limit the number of people who can view your account by posting information only to your friends group rather than publicly. Only add people you actually know to your friends list. However, this should not lull you into a false sense of security. Just because you've limited permissions doesn't mean that information is safe. It is very easy to accidentally post publicly, or to have a friend copy that information and pass it on to their friends list or post it publicly.
Don't grant access to plugins, games, or add-ons.
You should assume that all plugins, games, and add-ons that you allow to connect to your account can access the information that you provide to your social media provider. There have been several security leaks from top app providers. Once an app provider has obtained that information, it can do what it wants with it, including reselling it to third-party vendors. Play games independent of your account and say no to any requests to access your account from outside vendors.
See what apps you have already granted access to on Facebook and block that access.
Make sure your login is secure.
Any time you are entering your username and password, you should see https preceding the web address. If you don't see that "s", then the login is not secure and any personal information (like username and password) could be obtained by someone with malicious intent.
Be aware of what you're agreeing to with your social media provider.
When you joined the social media website, you probably clicked that you read all the terms and conditions, but that's a lot of information to take in. Look at the privacy policies of your social media provider to determine if it still meets your privacy needs.
If you're using social media for UC San Diego or marketing purposes, we recommend that you look at The Social Media Guide written by University Communications and Public Affairs.
Need help with Facebook privacy settings? Check out this Wired article.
Find out how to change your Google+ settings.