Last August, the University of Michigan's football, basketball and athletics Facebook pages were hacked into, with intruders posting racy content before either the university's athletics or IT departments were able to respond.
In April, entrepreneur Elon Musk's Twitter account was broken into, along with the Twitter account for his company, Tesla Motors. The attackers posted random tweets, including one pretending to offer a free car to people who called the phone number in the tweet.
Back in February, Chipotle's Twitter account was taken over, with a Nazi swastika logo posted along with a flurry of hateful and racist tweets.
And in 2014, Indiana University's Office of Enrollment Management experienced a Twitter account takeover, forcing the deletion of many spamming tweets from their timeline.
These intrusions are far from the only examples; many individuals and groups suffer social media account hacks that never make the news. The IT security research firm Kaspersky Lab published a finding that 1 out of every 4 Internet users responding to its survey had suffered a hacked account, with 11 percent of those respondents saying it was their social media account that had been broken into. Worse yet, some respondents stated they had not used strong passwords, nor had they enabled strong privacy controls. If the study is indeed representative of all Internet users, many people have exposed themselves to losing control of their social media accounts.
There are many ways to protect social media accounts. One of the best controls available now is two-factor authentication, or “2FA”. 2FA involves not just using a password to access an account, but also providing some other piece of information during login, most often a temporary, one-time code sent to you via email or text. Social media companies like Facebook, LinkedIn, Twitter, and Tumblr are increasingly adopting this method for strengthening an account’s security.
Other sites that offer it can be found simply through web searches.
2FA is possible even with multiple users on one group or organizational account (for example, a firm’s PR department using Twitter). It does take some setup work, however, since most social media sites are designed around a single account corresponding to a single individual.
How to use 2FA with these shared accounts varies depending on the site. Facebook, for example, requires you to create either a “page” or a “group” (neither of which can be logged into directly), then assign the proper page role to individual Facebook account holders to allow them to post and perform other tasks. At that point, Facebook’s login approval can be enabled for those individuals. Twitter, unfortunately, does not have any way to do this using only its own interface; you would have to pay for service from the company GroupTweet to allow multiple users to tweet from a single account, add other individuals’ Twitter accounts as “contributors”, then enable 2FA for those individual accounts as well as the company/group/organizational one. That way, everybody has to use 2FA to enter the account, but no one has to share phones or passwords.
Unfortunately, there are still many social media sites that do not yet have 2FA options available. Several lists published on the web show whether a given site offers it or not; two examples are found at Socialcustomer.com’s “How to enable two factor authentication on 50 top websites.” If 2FA is available for the social media service, it’s a good idea to use it. Otherwise, you run the risk of having to spend lots of time regaining control of your account, cleaning up posts that aren’t yours, and having to contact people to let them know the tasteless joke, scandalous image, or offensive post was not yours.