Neal Schaffer details how his social media accounts recently got hacked - and provides six points of advice to help you avoid the same fate.
[01:03] What is LastPass
[02:46] The Problem When I Didn't Change All of My Password
[05:12] Digging Around
[06:35] Twitter Being Ahead of Other Networks
[07:29] Create Unique Password for Each Site
[07:49] Change Your Password Regularly
[08:03] Use Two-Step Verification
[08:28] Audit Your Third-Party Apps
- But it's critical that we somehow figure out how to create a unique password for each social media site we have.
- Any dashboard that you have access to gives someone that gains access, the ability to post to several accounts, is a prime target for hackers.
- It's funny because even the email from Twitter said, make sure that you reset your password makes you look through all the third party apps, it didn't really talk about not just looking at the third party apps that have authorization, but those trusted social media dashboards and third party websites that have the ability to post to also make sure you change the passwords there.
- So really the message of this podcast and it's important, obviously, not only for yourself, but for your business is number one, to have a unique password for each site.
- It just gives you an extra layer security, make sure that you have two step verification on every single social network or social media dashboard that you're on.
- It's important to educate everybody on the security procedures.
- Join My Digital First Mastermind: https://nealschaffer.com/membership/
- Learn about My Fractional CMO Consulting Services: https://nealschaffer.com/cmo
- Download My Free Ebooks Here: https://nealschaffer.com/freebies/
- Subscribe to my YouTube Channel: https://youtube.com/nealschaffer
- All My Podcast Show Notes: https://podcast.nealschaffer.com
Welcome to another edition of social business unplugged, practical advice on how to best leverage social media for your business. Now, the host of social business unplugged, author of the forthcoming book, maximize your social published by Wiley and founder of maximize social business. Neal Schaffer. Hi, everyone. This is Neal Schaffer, welcome to another episode of social business unplugged. I'm coming at you today from Southern California, been doing a little bit of traveling in San Diego. I'll be heading off to San Antonio, Texas, to speak later this week. But I wanted to make sure that I got this podcast recorded. And we keep to our weekly schedule. So that's my excuse. But it's a good excuse for being here in Southern California. Hey, today, I want to talk about something that personally happened to me. And I think that it can happen to a lot of you and your social media accounts. And it's about the topic of social media and online security on our blog, maximize social business, we have a contributor, Christopher Budd, who blogs about this on a monthly basis. And he has a lot of great tips as to how to secure your social media accounts and your online privacy, whether it's for your personal or your business social media account, one of the things that I learned from Christopher was something called LastPass. Now LastPass is one of these password management tools. But it's critical that we somehow figure out how to create a unique password for each social media site we have. And the reason is, I don't know if you remember, but maybe it was last year in 2012, LinkedIn was compromised, maybe I don't know, 5% of the users may have had their passwords compromised. I think it's hit Twitter. It's hit a number of sites and a number of organizations. I think it recently hit apple in fact, and just because of all that, what hackers are probably doing or can do is once they figure out your password to one account, and obviously if you are affected by LinkedIn or Twitter, you immediately changed your password. But were you using that same password on other sites. And if you were, were you changing those passwords at all, I think for those of us who like to optimize and become very efficient at managing our time, we maybe just use the same password for a lot of different sites, we can no longer do that, unfortunately. And we almost have to start using a tool like LastPass. Now, I was in the boat where I had never had my account hacked. There was one time on Twitter last year where I got an email from Twitter that said, Neil, your account may have been hijacked, we're gonna have you reset your password. And there was a weird tweet that went out that I never sent out in the middle of the night anyway, changed password figure it was a one off, I started using LastPass. The problem though, is I never really went back into all my different sites, and changed all my passwords. So what happened a month ago was I was on Instagram. And I was just flipping around and wanted to see just a catalog of all my photos. And lo and behold was a photo that I didn't recognize. I saw the photo and I was shocked. It said please look at my profile for the link. And there was a link that had replaced my whole profile bio, that was really scary, immediately deleted. None of my friends contacted me on it. I don't think they saw it. But I immediately deleted it. redid my password redid my bio. And you know, what have you. Now that was a warning signal. Because that same post, I believe it's almost the same post or at least the same link. It was Saturday morning. And I don't know how many of you know this, but I practice soccer with my son every morning. And so Saturday morning, I'm out practicing soccer. And I just looked at the notifications on my smartphone during a break. And one of my Facebook friends said, Neil, I think your account was hacked, I immediately go into my Facebook account. And lo and behold, there's a post with a similar link to a weird sight that's on my Facebook wall. And I'm like, Wow, I can't believe this is happening to me. Now I didn't have my computer with me I was on my smartphone didn't have access to all my tools, what have you. So I was very, very limited. I got home two hours later went through and I did a little bit of digging. So the immediate thing is you change your password. The funny thing is on Facebook, I had already changed my password LastPass Boxty generate a very, very hard to decipher a unique password for each site. So I had already changed the password. So I'm thinking you know, they couldn't have come through through the password. I don't even remember the password myself. So the next thing I thought and all of you should know that Facebook like Twitter and even LinkedIn now and Instagram for that matter, you give access to third party applications to use your site, right. So I immediately went into all the applications that were authorized to use my Facebook account. And you know over time that builds up you try a social media dashboard here. You sign up like Cloud and cred. All these different sites have authorization to actually post on your behalf and you never really think about it until you Did you end up in a situation like I was in like, Wow, I wonder which of these apps did it I just deleted a bunch of them that I hadn't been using. But you know what? I couldn't think of the one that could have posted. So I started digging around and said, Hmm, if this was on my Facebook wall, I wonder if my other accounts got hacked. Lo and behold, my Twitter account had the same post, one of my two Facebook pages have the same post. This is where it started to get interesting. Why only one of the two pages and then I went in and saw both of my Twitter accounts, Neal Schaffer and M social business at it. I saw that one of my two LinkedIn company pages had it. And then I noticed that my Google Plus business page for maximize social business had it. And that's where I said, aha, okay, these are all unique passwords, I would find it very hard to believe that I would get certain passwords hacked, but they wouldn't go on all of my sites. So I started to put the pieces together realized that it was my HootSuite account that I won't say got compromised because I've been working with Hootsuite customer support, realize that HootSuite was never compromised. But whoever was doing this, these hackers, Kay, they're now not just doing individual sites, they're going on to Hootsuite could radiant six be next could spell social the next could market me sweeping next could Tweet Deck be next, we don't know. But any dashboard that you have access to gives someone that gains access, the ability to post to several accounts, is a prime target for hackers. And it's funny because out of all the social networks that that rogue tweet, or rogue post went out on only Twitter sent me an email notification saying, Hey, we believe your account was compromised, we reset your password. None of the others did that. So Twitter, I think is one step ahead of the rest. But it's funny because even the email from Twitter said, make sure that you reset your password makes you look through all the third party apps, it didn't really talk about not just looking at the third party apps that have authorization, but those trusted social media dashboards and third party websites that have the ability to post to also make sure you change the passwords there. So this I think, was the first sort of HootSuite hack. And it's funny because on twitter, and like I said, I think it was Sunday, I did a search and a number of people evidently had had the same issue. Maybe they signed up for HootSuite a long time ago never used it authorized a few social networks boom. So really the message of this podcast and it's important, obviously, not only for yourself, but for your business is number one, to have a unique password for each site. And in order to facilitate that, I highly recommend LastPass LS TPSS. There are other services out there. This is one I use that just comes highly recommended. It's been great. The second thing is ideally, if you could on a regular basis, change that password like on a monthly basis, you're doing even better. If you can figure out a system. I'm not there yet. I've tried experimenting with it, it's something that you may want to consider as a best practice in the future. Now, step number three is for sites that offer two step verification. And once again, Christopher Budd blogged about Twitter just starting to offer this recently. It just gives you an extra layer security, make sure that you have two step verification on every single social network or social media dashboard that you're on. And once again, go back into maximize social business, do a search on Christopher buds posts, and you're gonna get a lot of great information. The fourth thing is obviously go through those third party apps that you have authorized on Facebook, Twitter, LinkedIn, what have you, and just delete out the ones you're not using. Like me, maybe you demoed a bunch of tools a year or two ago, and they still have authorization, limit your risks, right? The next thing you want to do step number five is you want to obviously go into all those social media dashboards, I wouldn't even stop there, go into every single web service, okay, email marketing, or what have you. Go in there and make sure once again, that you have as unique of a password for each site like you do for your social networking sites. The last thing and this is the most important if you're a business, okay, and you have employees or you have outsourced agencies or contractors that are managing your social media accounts, they need to do the same thing. If I had authorized Hootsuite to post to my clients, Facebook accounts or Twitter or LinkedIn accounts, they would have all gotten hit by the same tweet, even though it had nothing to do with them. It had all to do with me, the employee, the contractor, the agency so that I think is probably the most important thing to remember out of this. It's important to educate everybody on the security procedures. Hopefully by the time you hear this podcast, I will have created a blog post that you can send people to to make sure that they're fully educated. I'm gonna include links to Christopher Budd sites as well. But once again on social business unplugged, we cover a lot of topics related to social media for business. I like to keep it real. I like to keep it current I'd like to keep it fresh. I hope you learned a thing or two out of this podcast. If you liked it, please tell your friends. I really appreciate all those five star ratings on iTunes. If you have something you want to be covered on the show, please contact Neal Schaffer maximize social business. That's it for today. Everybody. Stay safe out there. It's a wild wild world online. Hopefully this will help you all stay safe as best as possible. And I wish you all a great remainder of your day. That's it for today, folks, we'll talk to you next week. Bye bye. Thanks for listening to another edition of social business unplugged. We appreciate your subscribing to our podcast, and adding your rating and comments in iTunes. If you would like to appear on this podcast or have content that you would like covered, please contact Neal Schaffer Neal at maximize social business.com for additional social media for business advice. Please make sure to check out your new social media for business resource at maximize social business.com Thanks again and make it a great day.