Blog header image: screenshot of a social media post advertising an account for sale

Social Media Hack? Don't Risk It! Account Security Strategies for Creators & Influencers

Published

May 2, 2023

Recently, in Seattle (Kanary HQ — though we hire remote👋), a popular local bakery posted an Instagram story advertising that their account was for sale. All of their posts from the past year were deleted. Oddly enough, they’re in the middle of an expansion — were they changing business names as well? There was no additional information to be found.

Screenshot of an instagram post saying "Our account is for sale, to buy, just send a message"

It turns out, their Instagram account was stolen. And being locked-out meant they had no way to share an alert about this in the place most of their customers and followers stay up to date. Not only did they lose access to a vital business tool, but they also put their followers at risk to be scammed by the fake account sale.

The worst part: most social media sites offer little recourse when you’re compromised or locked out. They’re extremely difficult to contact and their primary support channels are slow and can be unhelpful.

No one is completely hack-proof, but with some simple strategies, you can stay ahead of amateur hackers. We’ve put together a list of easy-to-practice tips that can put you more at ease by keeping your accounts, business, reputation, safety, and even followers more safe.

1. Harness the Power of Password Managers

It’s a hassle to change your habits. But once you do so, password managers can make creating accounts and logging in easier, on top of the security benefits. They’re an invaluable first-line tool for setting unique and strong passwords for your accounts. And if your password is ever stolen, having unique passwords keeps your other accounts safe. Here’s the gist:

  • Automatically generate and store unique and robust passwords.

  • Say goodbye to the struggle of remembering those more complex passwords.

  • Opt for trusted options like 1Password (reddit), Dashlane , or bitwarden (reddit). (We aren’t affiliated with these folks, but our team has personally used them.)

  • Alternatively, if you consistently use one browser like Chrome, Safari, Firefox or Brave, their built-in password managers can be the most seamless for filling in account info. (If you stick to iOS and MacOS, Apple’s Keychain can make passwords a breeze, though their management tools can be buried if you need to dig up a password outside of the site/app that it’s associated with.)

  • If you want to DIY it and generate easy-to-remember passwords that still pass the strength requirements, consider something like the memorable password generator or dinopass if your helping your kids generate and manage their passwords.

With a reliable password manager by your side, you can protect your accounts without worrying about keeping track of numerous passwords.

2. Enable Two Factor Authentication

In the case of the local bakery, they had received a message announcing that having reached a certain follower count, they could be verified. This was presumably a phishing attempt, and when they clicked and an instagram-like website, they entered their password. Even with their password now stolen, the account would have been protected had they enabled two-factor (2FA) or multi-factor (MFA) authentication.

This means that when you log in to your accounts, you receive a secondary verification code to your phone, email, or dedicated authenticator app. With that in place—even if your password is leaked or stolen—you’re still able to stop an attacker from accessing your account.

One warning: while enabling 2FA via text messages (SMS) is often the easiest way to get started, SMS is surprisingly insecure.

We recommend grabbing a dedicated authentication app, such as Twilio’s Authy, Google Authenticator, or Microsoft Authenticator. The Authy team has even put together guides on how to set up many popular services with multi-factor authentication.

P.s. If you’re a Kanary user, look for the 2FA option in the Authentication section of your Settings. (It’s just one of many security features that we include to protect our members’ accounts and data.)

3. Get alerted when your account credentials are compromised

Keep your accounts secure by anticipating hackers’ strategies and remaining vigilant. Many attackers will simply purchase breached data on forums, then use that information to take over an account and auction off ownership.

Services like HaveIBeenPwnd monitor various breach data sets that hackers are likely to purchase. They’ll send you an email notification when your email or passwords show up. Getting an early alert helps you stay ahead of the hack if you change your password immediately.

Our recommendation: Check your exposures on haveibeenpwned.com, and sign up for their free notification service.

4. Keep your account credentials and personal info private

When hackers take over accounts, they do it via a few means:

  • Brute force: Guessing a password

  • Breach: Buying or obtaining hacked data.

  • Social engineering: Impersonating you

If your personal information like email, phone number, address, photos, location is broadcasted online, hackers will have a much easier time spoofing your identity, reaching out to support, bypassing your security questions, and getting access to your account.

Kanary provides tools to find and remove what’s already out there, but you can limit the amount of information available going forward by paying closer attention to what you’re sharing yourself.

Our recommendation: Share as little personal information as possible. Check your privacy settings on online profiles to limit what’s exposed. And use a tool like Kanary to find and remove what’s already out there.

For social media creators and influencers, account security is paramount. By incorporating these straightforward and effective tips into your account security strategy, you can maintain a well-protected online presence. With your accounts secure, you can concentrate on expanding your follower base and fostering a compelling online presence. For some additional tips on protecting your privacy as your social media following grows, check out our post Handling Social Media Harassment.

For what’s already out there, Kanary can help remove your personal information such as addresses, ages/birthdays, phone numbers, emails, and more from Google results and data brokers.

Stay safe, and contact our team or try Kanary for free if you’d like to learn more. ✌️

Don't be a sitting duck.

Find where your personal information is being exposed online and remove it for good.

Or, send us a note [email protected]. We’ll respond within a day!

Kanary - Find your exposed personal information, delete it | Product Hunt

© Kanaries, Inc. All rights reserved. 2024