2012’s Top Ten Security Problems with Social Media

With the growing use of social networking websites such as Facebook, Twitter and Pinterest, hackers have set out to explore a segment that holds great potential owing to its enormous user base. What makes this market even more attractive is that users often access social networks from their smartphones, giving hackers a path to information beyond what is listed on their social media accounts and profiles. They no longer have to go to the trouble of installing spyware such as iPhone spy or Android spy software on target devices when a single click can get the job done. Social media users are therefore increasingly targeted and subjected to all kinds of malicious content, from malware to spam and fake messages.


Facebook’s Flawed Auto Login Feature

As pointed out by Hacker News, the auto login feature that Facebook provided for user convenience was, until recently, serving as a gateway for exposing user information. The feature worked through links emailed to users that gave quick access to their accounts, sparing them the hassle of entering their log-in credentials every time. Facebook had to suspend the feature temporarily when Hacker News revealed how the shortcut had backfired: the links had become publicly available, compromising more than a million Facebook user accounts by exposing their associated email addresses as well as the pages linked to their profiles.

Facebook’s Two Factor Authentication Glitch

It seems that whatever measure Facebook takes has a tendency to backfire. For instance, the two factor authentication process, which required users to sync their phone numbers with their Facebook accounts, also compromised their security. The phone numbers users synced for security purposes could be used to hunt down their profiles through the Facebook search tool. This gave hackers a way to look up the names of the owners of phone numbers and then use that information for phone-based scams. What made it worse was that there was no limit on the number of allowed searches. The glitch was resolved once it was pointed out: the number of searches was limited, and users could be identified only by the phone numbers shared in their Contact Info section rather than those provided through the authentication process.

 

Twitter Photo Scam

Twitter users were exposed to the malicious Blackhole exploit kit this year when hackers used a photo hoax to lure them into a trap. The scam enticed its victims by claiming that they had been pictured in an online photo, while it actually redirected them to a Trojan that infected their devices with the Blackhole exploit kit, which is capable of wreaking a lot of havoc if the infected systems lack proper security measures. Users had to turn to software like BitDefender’s Safego to scan all Twitter activity in order to ensure a safer Twitter experience.

 

Twitter’s Password Reset Flaw

Besides the threat of malicious scams, even basic Twitter security has its own loopholes when it comes to the password reset feature. As it turns out, hackers can easily manipulate the password reset mechanism, which does not offer advanced security such as two factor authentication or a limit on the number of log-in attempts made against the same account before the user is locked out. Hackers can chase the same user account over and over again from different IP addresses until they succeed, because the source IP address is Twitter’s only criterion for limiting log-in attempts. Such a basic flaw has resulted in many cases of attractive Twitter handles being stolen and sold off this year by none other than a mere group of teenagers for monetary gain.
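The difference between counting failed attempts per source address and per target account, as an added example (not from the original article and not Twitter's code). The thresholds, the handle name and the attempt list are constructed assumptions.

```python
from collections import defaultdict, deque


class AttemptThrottle:
    """Sliding-window failure counter keyed on an arbitrary string."""

    def __init__(self, max_failures, window_seconds):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)

    def _prune(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()  # forget failures older than the window
        return q

    def blocked(self, key, now):
        return len(self._prune(key, now)) >= self.max_failures

    def record_failure(self, key, now):
        self._prune(key, now).append(now)


def ip_only(account, ip):
    # Policy the article describes: failures counted against the source IP only.
    return [f"ip:{ip}"]


def ip_and_account(account, ip):
    # Hardened policy: also count failures against the targeted account.
    return [f"ip:{ip}", f"acct:{account}"]


def simulate(keys_for, attempts, max_failures=5, window=900):
    """Replay failed attempts; return how many reached the credential check."""
    throttle = AttemptThrottle(max_failures, window)
    allowed = 0
    for now, account, ip in attempts:
        keys = keys_for(account, ip)
        if any(throttle.blocked(k, now) for k in keys):
            continue  # rejected before the credential is even checked
        allowed += 1
        for k in keys:
            throttle.record_failure(k, now)
    return allowed


# Constructed sample: 40 failed attempts on one handle, one per second,
# each from a different address in the 198.51.100.0/24 documentation range.
ATTEMPTS = [(i, "example_handle", f"198.51.100.{i + 1}") for i in range(40)]
```

A hard per-account lockout lets anyone lock the owner out, so deployments usually answer the per-account threshold with a delay or a step-up challenge instead of a block.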

 

Pinterest Survey Scam

While Pinterest is a relatively new player in the social media game, it has still managed to attract a sizeable number of hackers who prefer this newcomer over bigger social networking websites, as reported by Trend Micro. The survey scam on Pinterest has played a major role in revealing users’ personal information and subscribing them to unwanted mobile services through bogus pins that claimed to offer discounts or free goodies from brands like Starbucks or even the luxurious Coach. The hoax offers involved clicking on a malicious link that led to the survey scam website, which extracted users’ information and signed them up for unwanted services, texts and more scams.

 

Asda/Tesco Voucher Scam

Much like the Pinterest survey scam, Facebook also received its share of hoaxes for the year. Two firms were fined a total of £450,000 for initiating a series of scams offering free vouchers and gift cards for Asda and Tesco on Facebook, while in reality these seemingly generous offers resulted in victimized Facebook users signing up for unwanted and extremely costly premium-rate phone services.

 

“Change your Facebook profile color” Scam

Survey scams seem to be the hit thing this year. This color changing hoax is one of the most recent survey scams to hit Facebook, promising to allow users to change the default Facebook profile color from blue to any color of their choice. The process of installing the app however requires the users to fill out a survey first. You must also “like” the app’s page before it does anything for you, and then continue on to a permission page which, once granted permission, allows the app to use your Facebook account to send spam messages to all of your friends.

 

The Ramnit Worm Hits Facebook

The Ramnit worm which has been stealing banking details and other such information since 2010 hit Facebook this year, winning over 45000 Facebook accounts. This clever computer worm has been successful in stealing login details and passwords and it did not stop at just that. According to the security firm Seculert, these stolen credentials and seized accounts have been used by the Ramnit malware for further spreading the malicious virus.

 

Twitter and Facebook succumb to SMS spoof

Twitter and Facebook SMS users were found to be vulnerable to attacks made by any hacker who was familiar with the mobile number linked to their Twitter or Facebook accounts. Hackers could easily send messages to either of the social networking websites and post anything to the users’ accounts by spoofing the source number.

Collaborator Hijacking on Pinterest

This threat makes scam pins look insignificant as far as the phenomenon of creating problems for users is concerned. The collaboration option allowed by Pinterest did not initially require an invitation to be sent to the other person and he could be added without consent. After adding someone as a collaborator on a board, the initial user could start pinning inappropriate content which would then appear on the profile of the collaborator. The problem was however resolved later on with an invite being made mandatory to be sent to someone in order to ask them to collaborate with you.

Jessica has become a reliable name in the sphere of Tech. Her work revolving around Computers has earned her great recognition from readers who appreciate it for keeping them up to date with the latest happenings in the trade of Social Media. For details, visit website.