Neal Schaffer details how his social media accounts recently got hacked - and provides six points of advice to help you avoid the same fate.
speaker 0: 0:00
Welcome to another edition of social business Unplugged. Practical advice on how to best leverage social media for your business. Now the host of Social Business Unplugged, author of the forthcoming book Maximize Your Social, published by Wiley and founder of Maximize Social Business, Neal Shaper. Hi, everyone, this is Neil Schaefer. Welcome to another episode of social business. Some plug. I'm coming at you today from Southern California being doing a little bit of traveling in San Diego. I'll be heading off to San Antonio, Texas, to speak later this week. But I wanted to make sure that I got this podcast recorded and we keep to our weekly schedule. So that's my excuse. But it's a good excuse for being here in Southern California. Hey, today I want to talk about something that personally happen to me, and I think that it can happen to ah lot of you and your social media accounts, and it's about the topic of social media and online security on our block maximize social business. We have a contributor, Christopher Bud, who blog's about this in a monthly basis, and he has, ah lot of great tips as to how to secure your social media accounts and your online privacy, whether it's for your personal or your business. Social Media account One of the things that I learned from Christopher was something called Last Pass. No last passes one of these password management tools, but it's critical that we somehow figure out how to create a unique password for eat social Media site we have. And the reason is, I don't know if you remember, But maybe it was last year in 2012. Linked in was compromised. Maybe, I don't know. 5% of the users may have had their passwords compromised. I think it's hit Twitter. It's hit a number of sites and a number of organizations. I think it recently had Apple, in fact, and just because of all that, what Packers air probably doing or can do is once they figure out your password to one account, and obviously, if you were affected by Lincoln or Twitter, you immediately change your password. But were you using that same password on other sites? And if you were well, you changing those passwords at all, I think for those of us who like to optimize and become very efficient, managing our time. We maybe just use the same password for a lot of different sites. We can no longer do that, unfortunately, and we almost have to start using a tool like last pass. Now, I was in the boat where I had never had my account hacked. There was one time on Twitter last year where I got an email from Twitter that said, Neil, your account may have been hijacked. We're gonna have you reset your password. And there was a weird tweet that went out that I never sent out in the middle of the night. Anyway, change password figure it was a one off. I started using last pass. The problem, though, is I never really went back into all my different sites and changed all my passwords. What happened a month ago was I was on instagram and I was just flipping around and wanted to see just a catalog of all my photos. And lo and behold, was a photo that I didn't recognize. I saw the photo and I was shocked. It said, Please look at my profile for the link and there was a link that had replaced my whole profile bio That was really scary. Immediately deleted. None of my friends contacted me on it. I don't think they saw it, but I immediately deleted it, redid my password, redid my bio. And you know what have you now? That was a warning signal, because that same post, I believe it's almost the same poster, at least the same link It was Saturday morning, and I don't know how many of you know this, but I practice soccer with my son every morning. And so Saturday morning, I'm out practicing soccer, and I just look at the notifications on my smartphone during a break, and one of my Facebook friends said, Neil, I think your account was hacked. I immediately go into my Facebook account. And lo and behold, there's a post with a similar link to a weird sight that's on my Facebook wall. And I'm like, Wow, I can't believe this is happening to me now. I didn't have my computer with me. I was on my smartphone, didn't have access to all my tools. What have you So I was very, very limited. Got home two hours later, went through and I did a little bit of digging. So the immediate thing is, you change your password. The funny thing is, on Facebook, I had already changed my password. Last pass walks degenerate. A very, very hard to decipher unique password for each site. So I had already changed the password. Some thinking, you know, they couldn't have come through through the password. I don't even remember the pastor of myself. So the next thing I thought and all of you should know that Facebook, like Twitter and even linked in now and instagram, for that matter, you give access to third party applications to use your site, right? So I immediately went into all the applications that were authorized to use my Facebook account. And, you know, over time that builds up you try a social media dashboard. Here is sign ups like cloud and credit. All these different sites have authorization, actually post on your behalf, and you never really think about it until you end up in a situation that I was in. Like, Wow, I wonder which of these ops did it. I just deleted a bunch of them that I hadn't been using. But you know what? I couldn't think of the one that could have posted. So I started digging around, huh? If this was on my Facebook, while I wonder if my other accounts got hacked. Lo and behold, my Twitter account had the same post. One of my two Facebook pages have the same post. This is where it started to get interesting. Why only one of the two pages? And then I went in and saw both of my Twitter accounts and Schaeffer an M social business had it. I saw that one of my two linked in company pages had it. And then I noticed that my Google plus business page for Maximize social business had it. And that's where I said, Ah ha. Okay, these are all unique passwords. I would find it very hard to believe that I would get certain passwords hacked, but they wouldn't go on all of my sight. So I started to put the pieces together, realized that it was my hoot suite account that I won't say God compromise because I've been working with hoops. We customer support realized that hoot suite was never compromised. But whoever was doing this these hackers que there now not just doing individual sites they're going on to hoot sweets could radiant 60 Next could spout social. Be Next could market me. Sweet Pea Next could tweetdeck me next. We don't know, but any dashboard that you have access that gives someone that gains access. The ability opposed to several counts is a prime target for hackers. And it's funny because out of all the social networks that that rogue tweet or rogue Post went out on on Lee Twitter sent me an email notification saying, Hey, we believe your account was compromised. We've reset your password. None of the others did that. So Twitter, I think, is one step ahead of the rest. But it's funny, because even the email from Twitter said, Make sure that you reset your password, makes you look through all the third party APS. It didn't really talk about not just looking at the third party opposite of authorization, but those trusted social media dashboards and third party Web sites that have the ability to post to also make sure you change the passwords there. So this, I think, was the first sort of hoot suite hack, and it's funny because on Twitter, and like I said, I think of a Sunday. I did a search and a number of people evidently had had the same issue. Maybe they sent it for who sued a long time ago. Never used it, Authorized a few social networks. Boom. So really, the message of this podcast And it's important, obviously not only for yourself, but for your business is number one to have a unique password freed site. And in order to facilitate that, I highly recommend last pass. L A S T P A s s There are other service is out there. This is the one I use that just comes highly recommended it It's been great. The second thing is, ideally, if you could on a regular basis, change that password like on a monthly basis, you're doing even better. If you can figure out a system, I'm not there. He had a shot experimenting with it. It's something that you may want to consider as a best practice in the future. Now, step number three is for sites that offer two step verification. And once again, Christopher Bud blogged about Twitter just starting to offer this recently. It just gives you an extra layer security make sure that your you have two step verification on every single social network or social media dashboard that Iran and once again go back in to maximize social business. Do a search and Christopher buds posts, and you're gonna get a lot of great information. The fourth thing is, obviously go through those third party APS that you have authorized on Facebook. Twitter linked Emma, have you? And just the lead out the ones you're not using, like me. Maybe you demo it a bunch of tools a year or two ago, and they still have authorization. Limit your risks, right? The next thing you want to do is step number five is you want to obviously go into all those social media dashboards. I wouldn't even stop. They're going to every single web service. Okay, email marketing. What have you go in there and make sure once again that you have as unique of a password free site like you do for your social networking sites? The last thing and this is the most important. If you're a business, okay, and you have employees or you have outsourced agencies or contractors that are managing your social media accounts, they need to do the same thing. If I had authorized Hoot suite to post to my client's Facebook accounts or Twitter linked in accounts, they would have all gotten hit by the same tweet, even though it had nothing to do with them it at all to do with me, the employees, the contractor, the agency. So that I think, is probably the most important thing to remember out of this. It's important to educate everybody on the security procedures. Hopefully, about the time you hear this podcast, I will have created a block post that you can send people to to make sure that they're fully educated. I'm gonna include links to Christopher Bud sites as well. But once again, on social business unplugged, we cover a lot of topics related to social media for business. I like to keep it riel. I like to keep it current. I like to keep it fresh. Hope you learned a thing or two out of this podcast. If you liked it. Please tell your friends really appreciate all those five star ratings on iTunes. If you have something you want to be covered on this show, please contact Neil Schaefer. Maximize social business. That's it for today. Everybody stay safe out there. It's a wild, wild world online. Hopefully, this will help you all stay safe as best as possible. And I wish you all a great remainder of your day. That's it for today, folks. We'll talk again next week. Thanks for listening to another edition of Social business Unplugged. We appreciate your subscribing to our podcast and adding your rating and comments in iTunes. If you would like to appear on this podcast or of content that you would like covered, please contact Neil Schaefer. Kneel at Maximize social business dot com for additional social media. For business advice, please make sure to check out your new social media for business resource at maximized social business dot com. Thanks again and make it a great day, right?