Social media security is more important than ever. If your data was a publicly-traded stock, it would be the best investment ever; its value is always on the rise. The funny thing is, it is up for the highest bidder and ignorance is not to be tolerated anymore. You must stay vigilant to protect your self from unwitting attacks.

A practice known as SIM-swapping allows a hacker to get access to your newly sent text messages, but it’s mainly used to intercept security codes sent by text message.

What is SIM swappingSIM swapping involves a hacker duping your cell provider into believing that you’re activating your SIM card on another device. In other words, they’re stealing your phone number and associating it with their SIM card.

Brendan Hesse at lifehacker.com

If you are using or ever set up two-step authentication on your social media account, Twitter, Apple, Google,..etc, then you generally would be receiving an SMS with a code to confirm your identity before you login. That is a security feature that requires a person to prove their identity using a password as well as a second credential, like a code sent to the person by text message or a hardware token. As long as you have access to your phone, then you’re good to go, right? Well, that’s not the case in many cases, like when the Twitter CEO account was hacked using the SIM-swapping method.

But two-factor authentication is not trustworthy. Hackers sometimes trick or bribe phone company employees into transferring their target’s phone number to a new SIM card, which stores a phone number. Hackers took over the Twitter account of Twitter’s chief executive, Jack Dorsey, in the summer of 2019 and used the account to broadcast a string of racist messages.

You would think, the CEO of Twitter is probably in a safer place/account level with it comes to security than the average person. But that’s not how security works. An account on a social media platform is just like public/other accounts that are owned or managed by a celebrity, a political figure or the CEO/owner himself. It is vulnerable to attacks and hacking. They have a complicated password just like you would and is as complicated (or not) as most of us have it. However, the media will be having a funfair talking about the CEO of this or that being attacked, but when it comes to a normal person here and there, not much attention will be given. You have to take security into your hands, but first understanding how accessible and vulnerable the system is.

Social Media is not designed in its infrastructure to be secure, it is designed to provide you a service. It is free to create and use an account, but nothing is free at the end. Data is worth all the money, and every platform and application is designed to grab as much data as possible, otherwise, they would be out of business. Charity apps may be excluded in some cases.

Securing your phone by having an access code is the first step; however, it is still holding most of your personal information in forms of data about your daily life, starting with your location. Many apps require your whereabouts to be turned on to use the app, such as Google Maps, AccuWeather and Uber. But what they do with it is not just that. AccuWeather, for example, will provide you with up to the hour details about the weather in your zip code. On the other hand, it shares your location throughout the day with 3rd party vendors that you do not know about or have given them any consent to allow them to know you are all day. If you spend about three hours reading the terms and conditions, you’d realize that they have the right to share your data, so they’re not legally at fault, just morally none.

You as the potential victim must have awareness and protect yourself, regardless of their business functionality. Once you’re done knowing how your weather for the day, turn off your Location Data. Once you’re done with your Uber, or you have arrived at your destination using Google Maps or Waze, turn off your location. Keep it on all day provides you little service for the value.

“Its is safe to assume that everything you put on social media is public. Information that can be found on that [your social media platform] can be used to authenticate you with different companies.” Says Rachel Tobac, CEO at Social Proof Security.