(844) 627-8267
(844) 627-8267

Instagram Trend Could Be a Gift to Hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Most experts agree that sharing personal information online is a bad idea.
Omar Marques/SOPA Images/LightRocket via Getty Images

  • Instagram users are answering a list of personal questions to “get to know me.” 
  • One cyber security expert warned it could make it easier to hack people’s accounts.
  • Viewers dismissed her warnings, but experts agree sharing even innocuous data can be risky.

It seems people spent the last few days of 2023 encouraging their followers to get to know them better. Or, according to one cyber-security expert, helping potential hackers access their information.

It’s all down to a popular template of 11 questions that people are answering on Instagram, freely giving away personal information like their height and date of birth, and various details about things they feel strongly about, including favorite food and phobias.

The trend appears to have gained traction in late December, although similar templates have circulated on different platforms pretty much since the advent of social media itself.

It’s unclear how widespread the latest iteration is, as most users appear to be posting their answers on Instagram stories, which disappear after 24 hours. But in recent weeks, many have re-uploaded their answers to TikTok, too, with the title, “Get to know me.”

But one creator is warning people to avoid it, suggesting there could be unforeseen consequences to participating in the trend.

Eliana Shiloh, whose LinkedIn profile says she’s a cyber and strategic risk analyst at Deloitte based in Chicago, posted a TikTok video about the trend on December 23.

“I won’t lie, I almost fell victim to this. I literally started filling it out, and then I was like, ‘Wait a damn minute,'” she said.

She went on to explain she thought the prompts matched some security questions she had attached to her personal accounts, and suggested hackers could “have a field day” with the trend.

“If you did that trend, delete that shit right now. Get rid of it. Remove all proof of it from the internet,” she said, adding that she felt “we’re inching” closer to sharing social security numbers online.

Her video received 1.6 million views, but many of the responses seemed to dismiss her concerns. Comments accused her of “reaching” and wrote that it was a big step from sharing a favorite color to a social security number. A huge number of viewers also disputed her premise, saying the questions in the template did not coincide with typical security questions.

In fact, it’s unlikely most people have security questions at all. Lisa Plaggemier, the executive director at the National Cybersecurity Alliance, told Business Insider that the personal questions system as a way to regain access to an account when a user has forgotten a password has become all but obsolete. Most companies have moved to more secure forms of multi-factor authentication, like push notifications or codes that get texted or emailed to users, she said.

But that doesn’t mean the trend is harmless.

“You’re really giving a bad guy everything they need to social engineer you,” Plaggemier said of the posts. “What you’re doing here is making their research a lot easier.”

She explained that one of the more common ways hackers operate is by impersonating their targets or the people around them, and giving away so much information all in one place could make a user more vulnerable to attack.

Shiloh appeared to suggest something similar in a follow-up video later that same day.

“If I have to sit here and explain why giving out a list of your personal information online is dangerous, then like…” she began. “Obviously no one’s security question is ‘what is your birthday?’ But using your birthday, they can find out a lot of things about you and use that information to get into some of your accounts.”

Plaggemier told BI that having your social media accounts locked and private is one of the best things we can do to avoid being hacked, though she noted that it’s common for people to fall for impersonation scams and accidentally add fake accounts to their contacts, so it’s not foolproof.

Posting personal information online is always a risk

Experts tend to agree that listing personal information online isn’t advisable. The National Cybersecurity Alliance, the DOJ, and various cyber-security platforms all warn against it, explaining that even information that may seem innocuous can be used to hack accounts.

In 2020, email security company Tessian spoke with hacking experts who confirmed that personal information shared on social media contributes to cyber-attacks.

It’s not the first time a seemingly harmless trend has faced scrutiny over personal data concerns.

In 2020, as many college seniors were graduating in the middle of a pandemic, people began to share their own graduation photos on social media in solidarity, tagging them #ClassOf020, the University of Pennsylvania publication PennToday reported.

Joseph Turow, a professor of communication at the college, told the outlet this could be risky.

“Hackers looking to break into your private accounts could use any piece of information you share in a viral challenge,” he said. In this case, it could lead them to where you went to college, what year you graduated, and even extended social circles, which could be used “to hack social media accounts, guess security questions on financial sites, and send customized ‘spear phishing’ messages designed to fool you into forking over sensitive information.”

It’s a high price to pay for a social media trend, even if it doesn’t feel likely to happen to you.

Meta, which owns Instagram, did not immediately respond to Business Insider’s request for comment. Eliana Shiloh did not immediately respond to a request for comment.

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW