New Instagram Security Fail Impacts Millions: Are You Safe?
April 19, 2019 · Filed Under Social Media
Instagram recently discovered millions of user passwords were being stored in plain text
At KnowEm we take security very seriously. When you use our social media registration services, we apply certain criteria to the passwords used for registration. These criteria exist so that we can ensure the accounts created are secured and accessible only to you or the team members to whom you choose to grant access.
Over the last 10 years, we’ve refined our guidelines and continue to evaluate them to make sure that your information is safe. Sometimes your security is left in the hands of companies that inadvertently expose some of the data that they have been trusted with securing.
In a March blog post Facebook disclosed that tens of thousands of passwords to Facebook accounts had been stored in plain text. This was discovered earlier in January. As a result, on April 18th, 2019, Facebook quietly updated the previously published blog post. They subsequently revealed that in addition to the known visible data, millions more Instagram user accounts than expected were implicated.
Facebook Update to the Report:
(Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed).
Facebook has said it will notify all users whose passwords were visible and instruct them to change their passwords. We do not recommend waiting for a message from Facebook to update your passwords. If you have an account on Instagram, it is recommended that you change your password immediately. This will minimize the chance of someone maliciously accessing your account.
Whenever an incident like this occurs, it is strongly encouraged that you consider changing your passwords. Try not to recycle passwords; it is highly possible they have been discovered in previous data breaches, which seem to happen often. An additional recommended step is to enable two-factor authentication or two-step verification whenever possible.
What You Can Do Next: Security Resources
We’ve compiled multiple resources to assist you with securing your accounts. The most recognizable social media and service platforms are often the first attacked:
A few days ago we had an interesting conversation on Facebook discussing what you should do (digitally-wise) once your baby is born. It started from this meme:
… and developed into us sharing what we (might) do to make our kid’s future career easier. The Internet has changed our personal career paths dramatically: Most employers look up prospective interviewees’ web records even before setting up the actual meeting.
So can we help our kids with their personal reputation management?
One of the most obvious things to do once your spouse and you agree on the baby’s name is to register the exact-match domain (if possible) so that your kid does not have to worry about it when he/she grows up.
But really how crazy should you go about securing your kid’s digital future?
Well, personal reputation management is huge nowadays, and conversely so is identity hijacking. If we can in any way help our children to own their online identities, why not?
After all, you have two obvious choices:
Make sure your kid has a very widespread, common first and last name (In this case, you don’t have to worry about your kid’s online reputation: There are hundreds of people sharing the same search results page) OR
Make sure your kid’s name is more or less unique, so that when he / she grows up, they will be easy to find in whatever search engine we are going to use then.
In the latter case, securing important domains and usernames may be a good idea actually.
Helping your kids control their web identities may be crucial for their future. Dan Gillmor has put it very well:
[We] are partly who others say we are. That’s a key reason why each of us needs to be one of the voices (preferably the most prominent) defining us. To the extent that they live public lives in any way – and like it or not, it’s getting harder not to be public in some way – tomorrow’s adults will need an online home that they control. They need an online home, a place where they tell the world who they are and what they’ve done, where they post their own work, or at least some of it.
What to Register
A domain is an investment and when you deal with kids, this investment is for at least 10-15 years to come.
Domains are not expensive nowadays but seriously, there’s no way you can register ALL of the variations. There are lots of them! And the list is going to be growing.
So which one to secure?
I suggest going with .com
I have no idea what the Internet is going to be in 15 years but I think .com domains will remain as common and popular as they are now or were 5 years ago.
If there are any other top-level domains that fit particularly well, why not consider them as well? I’d register ann.smarty once .smarty becomes a top-level domain, for example.
What to Do with That Domain
Keeping it registered is already very thoughtful of you but we know that sites are more valuable than domains.
Updating a blog is easy, you can even do it via email: So you can simply use it to collect photos and memories (Like that email address idea we started from. The difference is that hosting everything on your own sites means you actually own the collection).
What Else to Secure?
Owning your domain name is only one step. Today’s digital identity is spread across multiple social media platforms – owning all of those is also essential to better control your child’s identity.
Do we know which ones are there to stay in 10 or more years?
Will there be Twitter? – Hopefully yes!
Will there be Facebook? – It seems so…
Will there be Google Plus? – I wouldn’t count on that…
Will there be new ones? – Absolutely yes…
How to keep track of emerging social media platforms to register your kid’s name there?
Knowem has a cool service that lets you register your name on all imaginable social media platforms to secure them for your child. They also offer a subscription service that will continue to secure your name on 20 new and emerging social networks every month, so you never miss out on any new ones:
Have you ever thought about securing your children’s digital future? Please share your thoughts in the comments!
Welcome to the introductory KnowEm Social News Digest! Once a week or so we plan to send you the latest breaking news in Social Media. There’s no shortage of changes happening in the social world, so it’s important that you as a brand stay on top of it. This week we have a bombshell from Pinterest, and some very interesting acquisitions by Google and Twitter.
As Pinterest’s monetization plans materialize, the social network is pulling the plug on affiliate networks. Pinterest warned select “power pinners” this evening that it will now “automatically remove all affiliate links, redirects and trackers on Pins.”
“Today we’re introducing a new feature that lets people choose a legacy contact—a family member or friend who can manage their account when they pass away. Once someone lets us know that a person has passed away, we will memorialize the account”
Google announced Monday that it had acquired photo storage app Odysee. The app, which automatically backs up photos and videos taken on your smartphone, will shut down on February 23rd. As a result of the deal, Odysee’s development team will be joining the Google+ team, a move which has led to speculation that Odysee’s unique features will eventually be integrated into G+.
Curator makes it easier for media outlets to figure out which topics are popular. A search function sifts through tweets, vines and other data, with fine grained filters to narrow things down by location, word count, the feelings expressed in the tweet, and even by device.
“Facebook on Tuesday announced the addition of a new feature for Facebook Groups designed to make it easier for members of a “For Sale” group to list their items. The new “Sell” feature, which is now starting to roll out globally to more groups, will allow members to create a post where you can add a description of the item for sale, set a price and set a pick-up or delivery location.”
With the recent media coverage surrounding Manti Te’o being catfished (fooled) by a man posing as a woman he virtually dated for over 2 years without ever meeting, along with the growing popularity of the movie turned television show Catfish, we decided to divulge a few tricks for how to research someone online using a few free tools and some creativity. So have you found your soul mate online? Let’s see if we can make sure they are who they say they are so you too can avoid being catfished.
Social Media Profile or Instant Messenger Address
Does this person chat with you using a screen name other than their real name? For instance let’s say you use a chat client that allows for usernames (take AIM for example) and the person that you are chatting with has a screen name of SallySmith82. It’s very possible that this person might use the same name across all of his/her social media personas. This is what I like to call someone’s “PUB”, or “Personal Unaware Branding”.
A great way to take a deeper look into what this person’s social media footprint might be is to run their screen name or username through our free social media Username Search tool. You might find that his or her PUB links to an old MySpace profile where there could be pictures that differ from the ones you have seen. Let’s assume you are a man (don’t worry ladies, we know this also happens to you often) and SallySmith82 claims to be a 30-year old woman with a modeling career who is sending you some amazingly beautiful and almost risque pictures of herself. Imagine your surprise when you check out the MySpace profile and you find that SallySmith82 is not at all who she claims to be! Don’t panic! It is always possible that someone else could have the same name and has already claimed the profile; however, if the locations of both SallySmith82 profiles match and you are seeing some completely different pictures, you might want to ask about the profile. Always continue to dig deeper because there could be several profiles across various sites that could all be the same person (or perhaps different personas this person has created).
Do they own a blog, website or domain?
So for another scenario we’ll check out one for the ladies this time. Let’s say you meet a very smooth young entrepreneur on Facebook that claims to own a bunch of websites that make him tons of money, and he even emails you with an address from one of his personal domains. I’ll use myself as an example here – if I am constantly emailing you from “firstname.lastname@example.org”, take a look at streko.com. You’ll find a personal blog with a little information about myself, but no pictures or anything personally identifiable. To make sure my name is actually “Michael”, a simple thing to do would be to perform a search on the WHOIS information of the account – this can be done easily by using Domain Tools, http://whois.domaintools.com/streko.com. So this proves that I own the domain and my name is Michael Streko. It may even provide my mailing address as long as I didn’t mark it as private. But what you also want to check out is what I highlighted in red, the link that says that I own 4 other domains. So let’s say that I have been telling you I own hundreds of domains and they are a large network of all different kinds of sites that have to deal with shopping. You can purchase a full domain ownership report from Domain Tools, or for a quick (and much less reliable) search you can query Google for pages which may have already been indexed:
site:whois.domaintools.com/ “PERSONS NAME”
This might give you a rough idea of what’s out there, but for a truly accurate report you will have to purchase the report, which starts at about $49.
Just as someone’s Instant Messenger ID can be used to disclose a name, at times people will use their email address as their profile name on various social media sites. A great post on this topic can be found here on labnol.org – this gives you a good example of how to do a reverse name search using an email address and a few simple steps. If they are constantly emailing you with email@example.com, again you can use KnowEm’s Social Media username search and simply search for candygrrl85 and use the same techniques outlined above to see if you can find any Social Media profiles for that person.
Sometimes a person using a fake profile will slip up and make another Facebook account using that email address.
So if you’re speaking to Candygrrl85 via email and their Facebook vanity URL is different; i.e. http://facebook.com/KnowEm (KnowEm being the vanity URL), you can perform a simple email search on Facebook or any other social media site that allows you to search via email for members. With Facebook simply drop the email address into the search box.
Are they a criminal?
If you and your online friend decide to finally meet face to face, it might be a good idea to take a bit of a deeper look into this person’s background. Just about every state in the United States offers a free online offender search for convicted felons. Simply go to Google and search for your state’s “Department of Corrections” or “DOC” website. As an example here is New Jersey’s DOC website which does everything from list present/past inmates, their crimes, their picture, and a list of wanted felons that have escaped.
This isn’t really a bonus tip, it’s more like common sense – search them! Google & Bing it up! Search their email addresses, vanity URLs, instant messenger addresses and any other information you might have about them. The search engines are there for searching, so search away; you will be surprised by the information from one’s past that gets indexed.
To sum it up, catfishing has been going on for years and most likely will continue for quite some time to come. Years ago it was MySpace; spammers would take a picture of a pretty girl, create a fake profile, gain thousands of friends and then comment on all their profiles with an affiliate link to get a “Free $50 Macy’s Gift card”. Today there’s a new trend called catfishing – what will they think of tomorrow?
This commercial sums it up … just because it’s on the internet, doesn’t make it true:
Note: This article was updated January 2021 to remove specific identification of the names of any individuals involved in the case in order to protect their privacy. The information about the case is presented solely as a matter of historical record documenting court decisions involving social media.
Update: An update to the outcome of the case was published by the LA Times in March 2012
As reported by NJ.com, a New Jersey woman still faces charges this week in a case of first impression in an identity theft indictment. The woman, 41, is being accused of impersonating her ex-boyfriend, a Parsippany Detective, by creating a Facebook page in his likeness. The Facebook account, created in 2009, allegedly contained modified images of the man as well as derogatory comments seemingly made by him. The woman was indicted in August 2010 by a Morris County grand jury on a fourth-degree charge of identity theft, which is punishable upon conviction by up to 18 months in prison.
Her defense attorney is claiming that New Jersey’s statute does not apply to her case because, “it does not specifically address impersonation through the use of social media or the Internet.”
Superior Court Judge David Ironson has ruled that this defense “lacks merit” and will uphold the conviction. Judge Ironson has stated that the Internet is a means of accomplishing a goal of impersonation, but just because New Jersey’s law doesn’t specifically mention it as a vehicle to impersonate doesn’t mean the statute doesn’t apply to the woman’s alleged conduct.
So although the New Jersey statute doesn’t specifically mention “Social Media” in its wording, we must be able to interpret the law accordingly. Social Media is a form of communication and what is said and published there is comparable with impersonation in print or in person.
Prosecutors have argued that although the statute doesn’t “include or exclude electronic communications it is applicable to a broad spectrum of impersonation techniques.” The woman has allegedly assumed the identity of another person and acted to injure the man’s reputation and career as a police officer. This can be done through multiple mediums and Facebook is no different in this aspect.
States like New York and California have amended their own impersonation statutes to include “Social Media” in their text. Her defense team is arguing that these states dismissed cases like hers until those laws were amended. New Jersey does currently have a bill in congress to adjust their original statute, but Morris County prosecutors and Judge alike agree that this is a clarification of the existing statute. They still interpret the existing law to include all mediums, including the ever-growing world of Social Media.
A few days ago Matt Cutts of the Google Web Search Quality Team announced that Google is going to start factoring signals from social networks such as Twitter and Facebook in their search engine rankings and results. This marks a shift from a video Cutts made in May 2010 in which he reported Google was not looking at social results. Used heavily in real time search results in the past (such as in streaming tweets which have appeared above the regular results in the past), Cutts now reports that “[Google is] studying how much sense it makes to use it a little more widely within our web search rankings.” He of course reminds us that pages which can’t be crawled, such as Twitter users which have protected their tweets or Facebook users with strict privacy settings, cannot be indexed by Google’s crawlers and of course will have no effect on rankings.
He reports that these social signals are used relatively lightly for now, but may begin to influence more heavily in the future as they gauge their effectiveness over time. Something Google also wants to look at in terms of ranking influence is not just the number of social followers or friends a user may have, but the quality of those friends. Obviously, just like they want to weed out spam and automated links to pages, Google also wants to weed out social accounts which are little more than bots or have artificially inflated their follower count.
So what does this mean to business and brand owners interested in leveraging social media for search engine rankings? Really nothing, if you’ve already developed a smart and effective social media strategy. It just means Google is finally catching up to you. If you haven’t begun to develop a social media strategy, then this should just be one more very strong reason to begin getting involved.
Identity Theft isn’t just something that impacts your bank account or credit card. Your brand or trademark can be hijacked in social media and on the web as well, and we’ve seen it thousands of times here at KnowEm. Most recently, according to PCWorld, a hacker named Kirllos has offered up for sale 1.5 million Facebook user accounts. Facebook hasn’t confirmed that this is a verified hack or if Kirllos’ claims are actually legitimate, but the fact that there is a market at all for claimed usernames should give you an idea of what they are worth.
The stolen Facebook identities are offered for sale at between $25 and $45 per 1,000 accounts, making them go for as little as $0.025 per username. But imagine if one of those stolen names was the name of your brand or trademark term? How valuable is it for you to control your name on the web? Now think about the intellectual property value being lost, and how much it might cost in legal fees to wrestle it back under your control.
At KnowEm we often see brandjacked names in social media being used to hawk counterfeit products or promote affiliate links to questionable landing pages which are obviously not under the company’s control. Someone will register a brand name on a popular social media site (and there are hundreds of them) and then use it for their own purposes. After all, if you were a consumer and saw a brand name you were researching had an account on Twitter, wouldn’t you just assume it was that brand, and trust any links they published? Thousands of people do every day.
Even if the Facebook hacker’s claims aren’t legitimate, social media identity theft is a real threat and should be a major concern for anyone using a unique name on the web. And after all, isn’t that everyone?
In the Intellectual Property world, few things matter as much as a name. Since the advent of the business name and the trademarked word, nothing has been used to identify quality and individuality more than a unique name. A unique name, as obvious as it sounds, is how people know to buy your product instead of something else. This was common sense back when there were only billboards, magazines, radio and television. It was also manageable.
Whether you use Facebook, Twitter or FourSquare (or none of the above), you need to protect your name on all social media websites. Our America Online screen names were all that we cared about ten years ago. Five years ago, all we cared about was our Myspace profile name. Then Facebook. Then Twitter. Now FourSquare. Which will be the next big site tomorrow? Today there are thousands of startups vying to be the next big social website. Currently there are hundreds of sites gaining traction. Will one of these be the next big thing? Of course. And there is no way to tell right now which one it will be.
I advise IP attorneys for a living and stress more than anything else that securing your client’s name on every possible site is the best thing you can do for them. Some make money pursuing cybersquatters and negotiating purchases of user names. But seriously, what could take a few minutes now can leave you to much more important tasks. And who doesn’t want to be the hero?
How Social Media Does Hostile Takeovers: Facebook
September 10, 2009 · Filed Under Social Media
First they offered vanity URLs, then they purchased Friendfeed, and now they are offering @ replies. I would wager the ability to “favorite” a Facebook Status is probably right around the corner. It’s pretty obvious that Facebook is performing a hostile takeover of Twitter, and they’re doing it right.
Facebook might have come before Twitter, but it only really snowballed into the social media juggernaut that it is in the past year or so — right about the same time that Twitter was starting its meteoric climb to popularity. Until recently the two sites really had two different purposes – you meet new people on Twitter, you stay connected with people you already know on Facebook. But it appears early on this year Facebook started getting pretty envious of Twitter’s popularity.
First they adopted Twitter’s very attractive concept of the ability to offer vanity URLs. And people loved them because, well, people are vain. It was a nice start, but that in and of itself wasn’t enough to make it look like Facebook was gunning for Twitter. It actually looked kind of desperate and sad, like a balding 40-something trying to wear Ed Hardy (sorry Jon).
And then people noticed a new rising star – Friendfeed. For a while there it looked like Friendfeed was poised to take over Twitter’s space; after all, they offered everything Twitter did and more. It just didn’t catch on at first. But once Friendfeed started gaining traction in Twitter’s space Facebook swooped in and bought them. And they bought them fairly early, before the price tag went any higher ($50M). At that point we all knew Twitter was making Facebook nervous, and the game was on.
Twitter’s response? Several server outages in the middle of the day while they made a pretty new interface for adding friends. And oh yeah, they also pissed everyone off by deleting hundreds of followers at once, blaming it on spammers and bots.
Today Facebook took the biggest swipe at Twitter’s jugular by offering direct @ replies in status updates. Not only is this a wholesale copy of the heart of Twitter as an application, it clearly defines Facebook’s intentions of taking over Twitter’s audience in social media.
While we all know and love Twitter for its simplicity, it appears it’s going to have a hard time keeping up with everything Facebook has to offer. If you want to see how a hostile takeover is done, keep an eye on Facebook. They’re doing it right.
Do you know who it is you’re actually following on Twitter? Facebook? MySpace? Due to the recent explosion of interest in Twitter, thanks in no small part to Ashton (@aplusk) and Oprah (@oprah), celebrities and regular folk are flocking to Twitter. But how do you know if the person you’re following is actually a celebrity, and not just regular folk? You can’t, and Twitter is still very quiet about any plans to stop Twitterjacking: the act of impersonating someone else on Twitter.
The biggest concern with your brand identity in Online Reputation Management and Social Media used to be just giving your brand a good name. But what happens if someone steals your brand name? Do you think they’re going to be as concerned with your reputation? The need for businesses to secure their brand name on every possible venue has never been greater.
Knowem co-founder Mike Streko was recently interviewed by Fox News in a report about Twitterjacking: “Unless you start spending money to put out press releases saying that’s not your profile or jump through hoops to contact Twitter, it never works out well.”
The truth is, it’s almost impossible to get your brand name or username back once it’s been taken. Unlike when someone takes yourbrandname.com, there is no universal naming authority for social media profiles. As a brand owner, you’re basically at the mercy of the site owner. Or, since there are hundreds (if not thousands) of social media websites thriving today, you would have to appeal your case to every individual site owner to get your brand name profile back.