Hacker attacks are nothing new – yet they seem to have evolved in terms of focus and impact, as recent devastating malware attacks like WannaCry and Petya have demonstrated. Everybody is a target nowadays, but the trend does not stop at large companies and tech giants. It seems that cybercriminals may also show particular fondness towards influencers and individuals or organizations with large social media followings.
Popular Social Media Accounts Provide Wider Impact for Cybercriminals
Social networks have radically changed the communications landscape. Social platforms are routinely used for the dissemination of ideas and opinions and people with many followers on Twitter or Facebook can get their message across in a matter of minutes. This is precisely what makes them so appealing to hackers, especially when it comes to celebrity social network profiles. At the moment, Facebook has more than 2 billion active monthly users, Instagram 700 million and Twitter 328 million; with regard to accounts that are followed by many, malicious content can truly spread like wildfire.
We have all come across it: the suspicious post on a friend’s Facebook account with a link to a great bargain or free air tickets – a malware or phishing link in disguise. Now imagine the ripple effects of more subtly construed malicious links on accounts with thousands of followers. Hackers have been lately known to hijack verified and highly popular social media accounts of public figures like journalists and human rights activists in countries like Myanmar and Venezuela, using increasingly elaborate techniques. They then use the compromised accounts to spread “fake news” to thousands of followers in order to promote their agenda.
Hackers like OurMine Seek Fame in Selecting Celebrity Victims
Another benefit for cybercriminals attacking popular social media accounts is the sheer fame they gain by doing so. The infamous hacking group OurMine that is behind the recent HBO social media account hack are targeting influencers through their social media profiles in a bid to advertise their commercial services – the message to HBO itself urged them to contact the hackers in order to “upgrade” the network’s security. The group have targeted other celebrities in the past, including Google CEO Sundar Pichai, BuzzFeed and Twitter’s co-founder Jack Dorsey.
The group, which has over 40,000 followers on Twitter, managed to hack the Twitter, LinkedIn, Instagram and Pinterest accounts of Facebook founder, Mark Zuckerberg, last year and bragged about it in a similar manner. Around that same time, news emerged that roughly 117 million credentials like username and password belonging to LinkedIn users that were hacked four years ago appeared for sale on the dark web for the amount of 5 bitcoins – the equivalent of around $2,300.
Online Accounts’ Personal Data an Easy Target for Hackers
This highlights another way that hacking into social media proves lucrative for cybercriminals: It provides access to personal information that victims associate with their accounts, either because it is mandatory on that service or out of choice, which goes to show that ensuring data security across different types of personal information is often an underestimated issue. When hackers target information stored on social networks, it is easy to get a hold of low sensitivity data intended for public use, such as Facebook posts or tweets. But accessing high sensitivity personal data that allows the identification of an individual, such as their address, telephone number, or even financial information, could be then used for unauthorized transactions with devastating results.
As such, a hacker that gains access to a celebrity’s blog has access to the personal details of registered visitors that frequently comment, including their emails and selected passwords. Hackers also seem to prefer social media accounts for another reason: they are an easy target. According to an article published last January on Irish Tech News, a whopping 83% of individuals use the same password across different online accounts, while almost 7 in 10 have shared personal info such as passwords or bank details through their emails.
So next time you choose a password for your newest online service account, choose wisely – and make sure you double check for suspicious links posted on your idol’s social media profile.