Mark Foster was traveling on business when he found out that someone had accessed his email and social media accounts. Foster soon realized they had even attempted to access his work-related files.
As the founder of DashTickets, a New Zealand entertainment and travel guide and magazine, and as a journalist, Mark had accounts with access to sensitive data. This breach could have major consequences for him. The attackers did not ask for a ransom. In fact, they did not contact Mark at all.
Instead, they used his accounts to impersonate him. They published fake posts and false information on his social media and sent out messages and emails, severely damaging Mark’s professional reputation.
Unfortunately, Mark’s story is just one in a global wave of social media hacks. Two years ago, NordVPN revealed that for every five Americans, two said they had their social media accounts hacked.
And since then, things have not improved at all.
Experts talk to Techopedia about the global crime wave, possible solutions, government interventions, and how to stay safe in 2024.
Key Takeaways
- In the latest reminder of the state of security on Facebook, 40 U.S. states and Washington D.C. called on Meta to tackle the fraud running rampant on its social media platforms.
- Cybercriminal activity on all top social media platforms, including Instagram, Facebook, X, LinkedIn, YouTube, and others, has been on the rise.
- More than a billion social media accounts are believed to be hacked every month.
- The latest IBM report concludes the world is living in a “Global Identity Crisis.”
40 U.S. States Call Meta to Tackle Fraud and Crime
In early March 2024, 40 U.S. states and Washington, D.C. called on Meta to find a solution to the “dramatic” increase in account takeovers on Instagram and Facebook. The U.S. states, led by New York Attorney General Letitia James, wrote a letter to Meta’s chief lawyer in which they said fraudsters “are winning the war and running rampant on Meta.”
The news comes as no surprise to the cybersecurity community, which has been warning repeatedly, in report after report, about how dangerous social media attacks and techniques have become.
In the letter, New York reported a 1,000% increase in social media hacking or scam-related complaints since 2019, while states like Illinois, North Carolina, Pennsylvania, and Vermont reported a yearly increase of 250% in the last year alone.
The Global Identity Crisis
The IBM 2024 X-Force Threat Intelligence Index concluded that the world is experiencing a “global identity crisis”, which is only going to get much worse. The report says that cybercriminals are increasingly choosing to exploit user identities as their weapon of choice for launching attacks. The report explains why bad actors prefer taking over accounts instead of writing complex code to hack and breach systems.
“Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today.”
Dr. Andre Slonopas, Cybersecurity Department Chair at the American Public University System and Chief Operations Officer for the US Army — where he helps coordinate simulations and drills designed to ensure preparedness and effective response to cyber attacks on critical infrastructure — spoke to Techopedia about the costs of social media attacks.
“Although the methods may vary, this would be no different than any other compromises. Victims could lose personal information, there could be reputation damage, financial loss, and false information being sent out from social media accounts.”
“One unique effect from social media, given that so many people tie their lives into social media, is the psychological effect from having this virtual personality compromised.”
Irina Tsukerman, a US national security lawyer and President of Scarab Rising, Inc., a security, media, and geopolitical risk strategic advisory, also spoke to Techopedia about the consequences of social media hacking.
“On average, 1.4 billion social media accounts are hacked every month; that number will continue to rise as more and more people create social media accounts.”
“In 2023, 25% of Facebook accounts were hijacked, while the hacking percentage of Instagram accounts reached 85%,” Tsukerman said. “Moreover, hijackings have become more successful in terms of the length of time it takes to free the account, particularly with Meta.
“In some cases, it can take months to restore the account, especially if the user did not employ multi-factor authentication. Part of the problem is that social media customer services are overwhelmed or otherwise unreachable.”
A common complaint among those who have had their social media accounts hacked is customer support. Ken Westin, Field CISO at Panther Labs, spoke about his personal experience with this issue.
“Having assisted several friends and businesses who have had their accounts hijacked, I can say that Meta has not been helpful at all.”
“When an account is hijacked, Meta does very little to support the victims, to the point that many businesses who had pages gave up and either created a new page or abandoned the platform altogether.”
Westin explains that this lack of customer support has driven many businesses to pull out their ad funding from sites like Facebook.
“The fact that Meta fails to act increases the hijacking activities, which causes further erosion of trust in the platform,” Westin said.
“It is amazing to me that Meta has done so little to fix the issue themselves, particularly as it has a direct impact on legitimate uses of the platform and affects revenue.”
As Westin explains, in most cases, the hijacking of these accounts could have been mitigated by using strong passwords, password managers, and two-factor authentication.
With more than 5.35 billion global social media users generating data and traffic on these platforms and spending, on average, three hours and 53 minutes on these sites and apps every day, there is no question that securing this massive flow is no easy task.
Dr. Andre Slonopas crunched the numbers to give us an idea of what the world is facing.
“The scale of social media makes it impossible to get rid of all malicious users. For example, 2 billion users log into Facebook daily; even if only a fraction of a percent of these users is malicious, that still puts the number of malicious users in millions and possibly tens of millions. Tackling a problem of this volume becomes extremely challenging.”
Despite the great number of users, social media companies like Meta, X (formerly Twitter), YouTube, TikTok, and other leading companies should have the resources, innovation, and technology to make these platforms a safer place.
Dr. Slonopas said that the solution for this threat is the same as with any other threat: awareness, education, training, and innovation.
“I believe this is no different than an approach for any other compromise; it begins with user education and awareness training. Given the rise of AI and ML in cybersecurity and data analysis, I envision that one day, AI-enabled tools will be up to the task of battling millions of malicious users on social media.”
Web3 blockchain technology has been praised for its potential to secure any kind of transaction or process. The decentralized, heavily encrypted, and immutable nature of blockchain is being applied or studied to create cybersecurity solutions and fraud-detection programs.
Solo Ceesay, the co-founder of Calaxy, a social wallet where users can share crypto, non-fungible tokens (NFTs), and more over the blockchain, spoke about how the criminal trend and inaction of the companies erode trust.
“Most immediately, social media hacking directly challenges the faith we put in intangible, centralized platforms and businesses. Without trust, doing business becomes virtually impossible which greatly impacts the overall experience and utility of social platforms altogether.”
Ceesay explained that Web2 (pre-blockchain) technology structures are centrally managed, and user credentials aren’t publicly verifiable in any way. Ceesay said that Web3 technologies are an excellent solution and explained why.
“A good analogy that describes how the current model works is the concept of having your credentials stored in a virtual coat check machine for as long as the user is on the platform.
“Decentralized identity is more along the lines of storing your coat in a locker where the user must create their own code to stash their belongings.”
Security in Their Hands
The concepts and tools to increase social media security are undoubtedly in the hands of social media companies. Tsukerman explained some of the options on the table.
“Social media companies should make multifactor authentication a mandatory part of the process and implement regular ‘check-ins’ that could be used to authenticate users.”
Tsukerman added that social media companies could also promote situational awareness and secure practices among users and their personnel. “Part of the standard protocol on both user and company end should include monitoring branded social media accounts for changes, unauthorized apps, admins, and content.”
“Aside from the internal controls that are imperfect, social media companies have hacking detection tools; they are also aware (and should promote that awareness) that hackers most frequently gain access through poorly maintained passwords, authorized users, and compromised applications.”
And when an attack does happen, Tsukerman said, social media companies should develop and automate processes for live and immediate response to reported hacks or other attacks, including potentially disrupting them.
Should Governments Intervene?
Governments around the world are modernizing their laws to meet the challenges that a global digital world presents. For example, the recently passed E.U. AI Act moves towards regulating AI. At the same time, the E.U. Digital Markets Act is being actively enforced to fight monopolies and make digital markets fairer.
However, while individual privacy laws and regulations for financial data are abundant, cybersecurity laws that mandate specific actions for private companies are far less common.
“Governments can definitely intervene, policies and laws can be written, but I am also a bit skeptical on the effect of policy alone tackling this issue (social media hacking),” Dr. Slonopas said.
“Another approach is for governments and industry to collaborate in tool development, perhaps data sharing to combat malicious user activity, government-financed efforts that could absorb some of the risks of research and development would go much further than policy which a malicious user seems to ignore regardless.”
Managing Resources and Enforcing Standards
Tsukerman said the reason the government does not intervene is that it has limited resources and uses those to go after even direct financial cybercrimes such as mass ransomware of cryptocurrency or bank hackings.
“Social media hacks are considered petty annoyances, even if they are done en masse, and will likely only capture government attention if there is very significant financial damage to revenue or if these hackers are linked to other known security threats that are already a subject of active investigation.”
Despite this, Tsukerman said that the government could shift “the onus of responsibility on the social media companies for holding them liable for negligent security practices”, which could result in fines, operational restrictions, and of course, class action lawsuits by compromised users and advertisers.
“The most meddlesome and costly approach by the government could be the requirement of licensing standards to operate data-driven companies and technologies, forcing them into annual cybersecurity certification, that could likewise diffuse the risk by forcing the companies to comply with demanded standards.”
The Bottom Line
As Dr. Slonopas explained, many of the attacks on social media are good old brute force attacks against passwords that so many people recycle, social engineering, and other less complex attacks.
We agree with Dr. Slonopas’ advice. “Users should use unique and strong passwords, do not click random links, be skeptical of all attachments even when they come from people that we trust and know, and regularly read up on the latest scam trends.”
However, once again, as Tsukerman said to Techopedia, with no model, tech, or regulation being a silver bullet, algorithms out of our control, and attacks on social media skyrocketing, today it is the end-user who is forced to take full responsibility, and who is the last gatekeeper of their own security and privacy.