It was recently reported that nearly ever member (approximately 35 Million people) of a South Korean social networking site had their personal data exposed as the result of a hack on Cyworld’s systems.
From the Register:
Names, phone numbers, email addresses, and other details may have been exposed through the Cyworld hack, which follows previous attacks against South Korean government sites and financial service firms.
At the moment it is not clear how significant the impact of this is, but with previous data releases it has been apparent that a significant percentage of users have the same password on their social networking pages as they do with other resources and most people who are heavily involved with social networking provide a significant amount of the ancillary data frequently used to verify identity.
Basically a service this size is a hacker / identity thief’s paradise.
While there is little you can do to make sure any social networking sites you use protect your data properly, you can take steps to minimise the risk you face. You should always encourage people to do the following when it comes to engaging with social networking services:
- Never, ever, use the same password for social networking sites and any other “important” service – banking, email, or business networks.
- Try to minimise the personal details you provide – think twice before using your real date of birth and never give away information that matches your alternate identity verification elsewhere (typically mothers maiden name, school, favourite place, first pet etc).
- Be very careful about who you trust on social networking sites. If you get a link from a friend make sure it is legitimate before you follow it.
While security is never going to be perfect. Following some simple rules can minimise your risk exposure and minimise the chances that you will fall foul to an attacker yourself.
Social networking can be great for both personal and business activities so rather than avoid it, embrace it with care and caution.