We see it all the time—a public opinion is given and it’s one that is contrary to the majority. It leads to a fight, perhaps even dogpiling. After days of abuse and harassment, the anvil is dropped: a full name, perhaps with an address (physical or email), and a phone number. The attacks move from the internet to their front door. After personal information has been given out, one of the first questions a doxxing victim might ask is, “But how?”
While once praised, ease of use features (such as syncing new websites to your social media accounts) may now pose security risks, making users more vulnerable to threats like doxxing. The act of obtaining this information is commonly referred to as “hacking,” though it honestly may not be that complicated. In many cases, once a would-be doxxer has gained access to one of your accounts, they find doors open to everything they might need to wreak havoc on their victim’s personal life. In this series, we’ll be discussing common mistakes that we all make and ways we can work around them to keep our web experience as safe as possible.
This week we’ll be focusing on syncing accounts. We see it all the time: sign up for a new service and it gives you the option to create an account or use your Facebook/Twitter logins instead. As a user, we see value in simply pressing the sync button. It’s one less password and username to remember. After all, we are a fast-paced society that doesn’t have any time for that. The temptation only grows with mobile usage, where creating a new account leads to far too many tiny keystrokes. Instead of registering for the new site/service, we simply allow the two websites to work together. On any return visits to the third party website, you need only click the “Log in with Facebook/Twitter” button to find yourself instantly where you need to be. The process seems so streamlined and simple. It is meant to add value and convenience to the web browsing experience, while possibly allowing the third party site to gain information it can use to cater to you specifically.
Since this sort of login requires authorization from you, both Twitter and Facebook store information on sites that have you authorized in the Apps sections of your settings menu on either service. Doxxers can gain access to either account, toggle to your connected Apps, and know which websites they can use without having to figure out additional logins and/or passwords. So, in other words, by syncing these accounts together, you’re creating a cornucopia of private information ready for the taking.
Consider the services you’ve connected this way. It’s common for users to have a third party image hosting site. With iCloud breaches more common than most illnesses, we’ve all come to learn that the images we store can come back to haunt us. You might have synced your gym’s website or a service that allows you to stream your games. The potential is both endless and dangerous.
Instead of providing so much information right at a doxxer’s fingertips, the best action you can take would be to create individual registrations and logins at least for any website that holds your personal data, if not all of them. Creating more than one username and individual passwords certainly helps. If you make it harder for a would-be doxxer to get access to your information, there’s a chance that they’ll be either unskilled or unwilling to make the effort to go any further. Make it hard on them. It’s worth it!
But how do they get access to your Facebook/Twitter accounts in the first place? Tune in next week and we’ll discuss how normal Facebook usage can lead to inadvertently compromising your online security.