By Rissa Coronel
In the spirit of Halloween, here’s a horror story for you:
A number of messages alert you to the fact that your Twitter no longer looks like your Twitter. You go online to see that it had transformed into a NSFW spam machine, much to the dismay of your followers browsing at work.
You’ve lost a fair amount of followers, and this is clearly social network suicide. It’s kind of like what happened to that friend of yours on Facebook who bombarded everyone’s timelines with NSFW content. Embarrassed and horrified, you change all your social media passwords and think that is the end of it.
Little did you know that your Instagram would be the next victim. It didn’t seem like a cause for concern that your account would keep logging itself out; you have more than one device for it, after all.
One day—not even a month after the Twitter fiasco—you notice your account is completely missing. You frantically type and retype your username and password, hoping it’s a typo. It’s no use, it’s really gone: all the academic milestones, vacation photos, last memories of relatives, gone, along with your years-old account.
After bombarding Instagram with messages asking them to reactivate the account, they give in with a courteous e-mail: “Hi Cece, your account has been activated and you should be able to access it now.”
Hold up—your name is far from “Cece.” Being fresh from an online security breach, you prepare yourself for the worst that this conniving Cece has done to your Instagram.
The name and bio change don’t faze you anymore. It’s that follower-following ratio that makes your eye twitch. Instagram doesn’t let you unfollow several people too fast—guess you’re stuck following that random low-res baby account, this guy who keeps posting mushrooms, and “yolo extreme official.” You see your account following even more people before your eyes.
That millennial nightmare was actually a reality for me. I got hacked twice in the span of less than a month, in spite of being a non-celebrity who doesn’t even post too much. It’s terrifying to see that you can lose control of online accounts where you keep records of highly personal moments.
I know what you’re thinking. Given everything I’ve just said, I should be the last person to write an internet safety article. Circumstance forced me to read up on proper damage control and prevention, and hindsight was 20/20. Here are some online safety tips I wish I had known before:
• You hear news like “this site had an info leak, millions of usernames are compromised,” but don’t expect yourself to be a part of it, or even remember that you used the site. You can check if your email has been compromised on this website. It delivers, contrary to how silly it sounds. I had two hits on my e-mail address, which explains a lot.
• Don’t use the same password, or even variations of the same word. This was probably my biggest mistake. You could’ve easily brute force-guessed my passwords if you knew at least one variation of it.
• Another big mistake of mine was using an old personal e-mail for signing up for things online. It’s best to have an e-mail that has none of your personal details. You can also use a temporary e-mail like Ten Minute Mail if you know you’re not going to need to check your e-mail ever again after verification.
• Enable two-step authentication, to add an extra layer of security to your password. You can see the different websites that offer this over here.
• Be skeptical about apps that request access to your social media accounts. Review your social media’s linked apps, if you feel like you’ve been too lenient with access in the past.
• Do regular scans antivirus and antimalware scans. I got Bitdefender and Malwarebytes for free.
• Be very wary of when you get logged out of your own accounts. If you want to know if you’ve been compromised, you can check the e-mail, phone number and security questions associated with the account. (Some Russian email was entered on my Instagram when I checked!)
• If you’re like me and found out too late: good news, it’s possible to retrieve hacked accounts. There are workarounds if you’re the legitimate user. (Visit the website’s help center ASAP, and there should be a section for “hacked accounts.”)
Online safety sounds like something they teach in middle school, but you start taking it seriously when these things start happening to you. Hackers have also become a lot craftier since the early aughts. In such internet-dependent times, where transactions are made and friendships are maintained online, I’ve learned the hard way that you can never be too careful.