More than five years after Cambridge Analytica’s first reported Facebook user data acquisition, information security and privacy on major social media platforms continue to be headline fodder.
Recent studies have revealed that 80% of people are concerned about who can access their data on social media sites, and for good reason. Nearly a quarter of social media users have been victims of a cyber attack, with the July 2020 Twitter hack fueling increased skepticism about the effectiveness of the measures put in place by the service providers.
What are the most significant security threats associated with social media platforms? And what steps can users take to safeguard their profiles and the information they publish? This blog post will break down the current state of data privacy on social media and outline key actions to avoid data exposure.
Data Privacy on Social Media Post-Cambridge Analytica Scandal
Facebook’s Data Privacy Woes
Despite several other competing lowlights, the Cambridge Analytica scandal remains the lynchpin moment in social media’s checkered cyber security history.
In March 2018, a series of reports from major publications such as the New York Times and the Guardian exposed the fact that digital firm Cambridge Analytica gained access to over 50 million Facebook users’ personal data without their consent. This data leak helped generate detailed psychological profiles of users based in the United States, which were then leveraged by Donald Trump’s campaign leading up to the 2016 presidential election.
The firm worked with funding from right-wing donor Robert Mercer and, at the time of the data breach, featured former Trump aide Steve Bannon on its board. Former Cambridge employee Christopher Wylie, who also helped found the company, said leadership wanted to use their newfound data-driven powers to “fight a culture war in America.”
In the aftermath of the Cambridge Analytica scandal, which featured both a congressional grilling for Facebook founder Mark Zuckerberg and a swath of promises from his management team, the company insisted it would change its ways regarding data privacy. In a statement posted on his Facebook page, Zuckerberg went so far as to say the following:
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”
However, Facebook’s public skewering ended with the US Federal Trade Commission (FTC) ordering the company to pay a record $5 billion fine to settle privacy concerns. FTC Chairman Joe Simons remarked that “despite repeated promises to its billions of users that they could control how their personal information is shared, Facebook undermined consumers’ choices.”
LinkedIn and Twitter Get Hacked
Facebook wasn’t the only social media platform to suffer public humiliation from data breaches.
Let’s start with LinkedIn. In 2012, the company lost 167 million account credentials, including encrypted passwords. In 2016, LinkedIn publicly admitted that the data stolen during that attack was being sold online on the dark web.
Despite claims of strengthened data security, LinkedIn was sued by a New York-based iPhone user in 2020 as part of a proposed class-action lawsuit. The plaintiff alleged that LinkedIn was accessing and diverting sensitive information from Apple’s Universal Clipboard app without notifying users.
Then there’s Twitter. After 32 million passwords were compromised in 2016, and after the company admitted that more than 330 million credentials were exposed in plain text form (!) in 2018, they were targeted with a 2020 social engineering attack.
The latter saw hackers gain access to Twitter’s internal systems via manipulated employees. After that, the cyber criminals used more than 100 high-profile accounts, including those run by Apple, Bill Gates, and Elon Musk, to entice users to contribute to a bitcoin donation scam. All told, the cyber attack lined the hackers’ pockets with over $120,000 in cryptocurrency.
Twitter’s official response outlined the steps being taken to supposedly strengthen their data security, which included “significantly limited” access to internal tools and systems. Unfortunately, this initiative also impacted processes and slowed down overall support response times.
Social Media Data Privacy GDPR Implications
Since the widespread implementation of GDPR in May 2018, data privacy awareness has continued to be a hot topic for all kinds of organizations around the world.
These data breaches exemplify why organizations need to get even more stringent with their own privacy regulations. Although these scandals may not be considered full-on PII breaches (read: the Equifax fiasco), the respective fallouts increased share price volatility and, more importantly, eroded consumer trust in recognized brands.
According to the GDPR website, the regulations apply to all organizations that process the personal data of EU residents, regardless of the enterprise’s geographical location. Moreover, failure to comply with its directives may result in hefty fines, reaching up to €20 million or 4 percent of global annual revenue.
For a more detailed list of GDPR compliance requirements, consult this official checklist via their website.
The Future of Social Media Data Privacy
More than two years after the Cambridge Analytica story broke, social media’s biggest players have, at least in some respects, changed their ways. However, as Wired’s Issie Lapowsky noted in 2019, any long-term answers to the tech industry’s overarching data privacy concerns remain frustratingly unclear:
“A year after the Cambridge Analytica story broke, none of these questions about privacy has yielded easy answers for companies, regulators, or consumers who want the internet to stay convenient and free, and also want control over their information. But the ordeal at least has forced these conversations, once purely the domain of academics and privacy nerds, into the mainstream.”
Facebook and its social media brethren continue to put the onus on their users, giving them control over their own data and upping education efforts on securing the information they post and share. But are these initiatives enough? Can user error prevent data exposure that’s almost always out of their control?
The answer will change depending on who you ask. However, one thing is sure: Today’s cybersecurity landscape underscores the importance of data privacy. If not strengthened by effective, targeted security awareness training, organizations and their employees may be increasingly susceptible to complex, real-world social media cyber attacks.
How to Protect Your Social Media Data
If you’re a regular social media user, it’s critical to understand the mechanics of how your data is stored, used, and accessed by both the platforms themselves and any third parties. The latter includes APIs used to create accounts on external websites using Facebook, Twitter, LinkedIn, or other social media credentials.
Here are some tips to help you better protect all your personal information on social media websites:
Read the Privacy Policies
Create Strong Passwords
Always use a strong and unique password for each social media account. This means using a combination of both uppercase and lowercase letters, numbers, and special characters. For added protection, Terranova Security recommends enabling multifactor authentication (MFA) for all social media accounts.
For more information on strong password creation and maintenance, download the kit from our Cyber Security Hub.
Adjust Your Privacy Settings
Be Mindful of What You Share
Before posting, sharing, or updating personal information on a social media platform, consider where that data will live on the site and who will be able to see it. This precautionary step, which applies to photos and videos too, is key to the safe curation of your social media activity.
Get Consent from Others
Mindfulness on social media also extends to posting or sharing others’ information, regardless of whether it’s in a personal or professional setting. Before posting information that other parties may consider sensitive, make sure you have their consent, and they understand where the data will live and who has access to it.
Watch Out for Scams
Finally, keep your eyes open for scams that regularly pop up in social media newsfeeds or even personal messages. From phishing and spear phishing threats to malware sharing, inspect every post, message, and link thoroughly before engaging with or sharing it.
Various recent social media data breaches have rocked the tech community and dented consumer confidence in how sensitive information is treated across different social platforms. That said, with Facebook and other companies pledging to do right by their mistakes, real change is likely on the horizon.
With accelerated digital transformation and distributed workforces becoming the norm worldwide, it’s also imperative that organizations everywhere install the right data privacy regulations to help safeguard their data from increasingly complex cyber threats. More than ever before, this process involves effective security awareness and phishing training.