
I was speaking with a friend recently and he narrated his story of how a cybercriminal (hacker) successfully hacked into the social media account of his business, the ordeal he went through in retrieving it, the damage done, and the losses incurred as a result. While sympathizing with him, I asked about the security measures in place before the breach, and I was surprised when he told me he had none because he forgot to activate one and, at that time, did not feel he needed one. Hearing that, one of the several questions that flew through my mind was: do we take our online identity seriously? Or are we just negligent of the impact of a successful attack?
With the increasing number of attempts to exploit vulnerabilities in the various digital tools we use, the need for vigilance and implementation of cybersecurity measures in protecting data and digital identity has never been more urgent.
Digital identity, according to Wikipedia, is generally defined as a collection of data stored on computer systems relating to an individual, organization, or device. For an individual, digital identity is, basically, the components of a person’s social identity that exist on the internet. These include, but are not limited to, name, date of birth, usernames, passwords, search history, pictures, national identity number (NIN), bank verification number (BVN), record of purchases, etc. While the level of sensitivity differs and the level of public access varies depending on where such information exists, it is important to be judicious about the kind of information shared, due to the impact that might come as a result of exposure, especially in a public domain such as social media.
With the growing number of social media users, it is safe to say that social media has become a part of our lives, whatever we use it for, be it capturing memories, local and cross-border communication, or connecting with friends and partners. This in itself is not wrong, but as a result of their versatile nature, reachability, and the great number of vulnerabilities attached to each of them, these platforms have also become playgrounds for cybercriminals. According to a 2024 report, “Top Social Media Hacking Statistics & Trends for 2025”, published by StationX (a UK-based cybersecurity service provider), over 530 million Facebook accounts were compromised in April 2021, exposing sensitive information such as names, passwords, phone numbers, and account names. This has increased across all social platforms: the same report shows that from 2021 to 2022, the number of hacked social media accounts increased by 1000%. The hacked accounts are utilized by the hackers or sold for cash.
Imagine a scenario where your social media account was hacked and the hacker messaged one of your close ones that you are in urgent need of #100,000 backed by one reason that sounds good to the ears, thereby arousing compassion. Due to the care the person has for you, the money was sent to the account provided by the hacker, only for both of you to discover the scam later when it was too late. You will agree that this kind of situation is pretty bad? Before we proceed to the preventive measures needed to prevent such a scenario and keep our account and digital identity safe, let us look at some of the risks associated with the use of social media.
Risks to Digital Identity on Social Media
- Account Takeover: This is also known as account hijacking. In this case, the hacker completely takes over the social media account of a user. This could be done in various ways, but the most common methods are brute-force attacks, password guessing, and credential stuffing (using leaked login credentials from a user’s account to access another account of the same user). Users who are most vulnerable to these are those who use weak passwords, common passwords, and reused credentials, thereby exhibiting poor security hygiene. A successful attack grants the attacker access and control to post content and send malicious messages to contacts and connections, usually aligned with their original intent. This could be a demand for urgent help or the posting of malicious links to close ones, who out of trust click on them and initiate another successful hack.
- Social Engineering: This form of attack involves a hacker manipulating users into divulging sensitive information or taking an action which leads to a successful exploitation. This could be revealing one’s date of birth, account details, or national identity number, installing an application, etc. The baits used here are usually get-rich-quick schemes, romance scams, fake downloads, instructions to pull down the security system of your device to help you activate your application, and messages from a close one requiring your urgent action, be it to send money or click on a link.
- Private Information Leak: A private information leak could be intentional, like Mr. A posting a picture of himself grinning with his newly gotten ATM card, with its serial number on display as the center of attraction, on his social media page. Information leaks could also be unintentional, like Miss B posting a selfie that unintentionally reveals her home address on her social media page. Since it is a public domain, anybody with malicious intent could extract such sensitive information for their own use, and before the user realizes what is going on, the damage has been done with little or no hope of reversal.
- Phishing Scam: In this type of attack, the attacker impersonates a trusted and reputable company, group, website, or individual to trick the user into divulging sensitive information or taking an action that is detrimental. An example of impersonating a website is a cloned Instagram login webpage, which looks like a real Instagram page but is fake. The aim is to steal the login credentials to the person’s login page for their own use. It is important to note that this type of attack is one of the most prevalent and dangerous forms of threat due to its versatile nature.
- Malicious Link: In this case, the attacker shares malicious links to users under the guise of an enticing offer which once clicked activates the download of malicious software which automatically installs itself to the user’s device with a vast range of attack modes. One thing about this type of attack is that the malicious software can remain hidden in the device for a long time while stealing the data of the user without the knowledge of the user.
How to Optimize Social Media Security
- Use of Strong and Unique Passwords: Passwords used for authentication are meant to be strong, with a minimum of eight characters and a combination of numbers, uppercase and lowercase letters, and special characters (@#%^&*). Also, avoid the reuse of login credentials for multiple social media accounts, thereby ensuring the uniqueness of credentials. This security measure is crucial because a weak or reused password could serve as the bridge between a hacker and a successful social media account takeover. It prevents hackers from guessing authentication passwords and guards against credential stuffing.
- Use of Multifactor Authentication (MFA): This security method requires users to provide more than one form of verification when logging into the account. Most social media platforms use a minimum of two-factor authentication (2FA). This could be answering a question that requires a unique answer known only to the user. One thing about this form of MFA is that it does not take a long time to complete, usually two minutes depending on the social platform.
- Recognize and Avoid Phishing Attempts: It is important for users to be vigilant when it comes to phishing attempts, as they could come in different forms: fake personnel from a trusted company requesting personal information from a user, an unexpected money request from a close one, links that do not match the displayed text when hovered on, giveaway notifications, and fake login pages of a cloned social media platform, for example, “linkdin.com” instead of “linkedin.com”. Very rarely will you see any legitimate and reputable company requesting sensitive information like passwords, bank details, date of birth, and multifactor authentication codes, so confirm before you click on the link or provide information. In a similar light, while you want to honor the request of that loved one making an urgent money request, why don’t you do your due diligence by calling him or her first to confirm such a request? Hover over that suspicious link-embedded text to display the correct address of the webpage it is linked to.
- Monitor Your Account Activities: Most social media platforms are designed to send a notification anytime there is a login attempt, usually to the mail associated with that account or by other means. This mail also contains instructions on how to swiftly block the illegitimate user, if the login was not initiated by the legitimate user, to prevent further damage.
Effect of a Successful Social Media Attack
- Identity Theft: The successful hacker gains access to the account and has the control to impersonate the user to post offensive content or commit fraud by sending messages to contacts and connections to request money or to manipulate them into divulging sensitive information.
- Financial Loss: As a result of this attack, the attacker is able to request funds from contacts and connections banking on their trust in the user. Also, the attacker is able to manipulate the desperate legitimate user to pay ransom in order to regain access to their account.
- Loss of Reputation: As a result of the offensive posts by the hacker, the personal and professional reputation of the victim becomes damaged, leading to loss of trust with contacts and connections or customers and brand credibility in the case of a business.
- Spread of Phishing Attacks: A successful social media attack also gives the attacker access to send malicious links to contacts or post malicious or offensive content which, when clicked by another user, leads to another successful security breach.
- Physical and Emotional Stress: Aside from the aforementioned effects, such a victim is subjected to both physical and emotional stress as a result of frustration and anxiety. Online exposure of private information, constant harassment, and the need to regain control can increase the stress level of the victim.
Conclusion
While the above-listed preventive measures cannot totally eradicate cyber threats on our digital identity, they help us build enough security resilience to prevent our social media accounts from being hijacked and our personal digital information from being stolen by cybercriminals for malicious reasons.
References
Wikipedia. Digital Identity. Available at: https://en.m.wikipedia.org/wiki/Digital_identity [Accessed 23 March 2025]
Abel, S. (2024). Top social media hacking statistics & trends for 2025. StationX. Available at: https://www.stationx.net/social-media-hacking-statistics/ [Accessed 23 March 2025].
Secure Mobile Phone. Understanding social media security risks: Protecting your digital identity. Available at: https://secureyourcall.com/understanding-social-media-security-risks/ [Accessed 23 March 2025].
By – Inioluwa Afolabi
Assistant Project Analyst