The Dangers of Being Careless on Social Media
Periodically, you'll hear one of those stories--the ones that embrace doom and gloom. The ones that say there's a security breach or business betrayal around every corner. The ones told usually by fuddy-duddies who are mired in the past and don't understand how business is done or the world is run these days.
But remember: Just because they're paranoid doesn't mean they're not occasionally right.
Consider the trouble brought by businesses' increasing reliance on social media. And I'm not talking about the ordinary dangers of online life, such as the average malware scam.
No, I'm talking about what happens when individuals or even companies take over some aspect of your company's existence and then go to town. Last fall, Matt Kruse, the person who created Social Fixer, which let users configure a Facebook experience to their liking, allegedly was smacked down by Facebook and convinced to remove functionality, such as ad blocking, that made the product worth using for hundreds of thousands. Facebook reportedly took down Kruse's Facebook page, effectively cutting him off from most of his audience.
An overdependence on one company made this entrepreneur vulnerable to its whims. It's an old story in a way. Anytime you latch yourself to one company, either as a business or as a platform, you introduce some risk.
But it doesn't take a social-media giant to target you. Hackers can use social media, security lapses, and your inattention to gain control of social-media profiles and, potentially, even more fundamental assets of your company.
Developer Naoki Hiroshima told the story last month of how he lost his Twitter handle, @N. Someone hacked into his domain account with GoDaddy and then, claims Hiroshima, threatened to take possession of all his websites. Hiroshima wrote that he had been offered as much as $50,000 for the handle.
This happened in January. Another fluke? Tell that to Josh Bryant who, at the end of January, wrote about how he almost lost his $500,000 Twitter handle--and his startup.
Bryant has the handle @JB on both Twitter and Instagram. It's been a big target for hackers, first because of the Jonas Brothers and now Justin Bieber. The attack on his Twitter account came through his Amazon account, where, again, someone used social engineering to persuade some helpful customer service person to turn over sensitive information. Again, read this account and see how easy it can be for a determined person to become you.
The bigger problem was that Bryant's Amazon account was also the one he used to get cloud services for his startup, Droplr. As he wrote:
My startup, Droplr, is completely based on Amazon's stack, from using EC2 servers where we host all of our technology to S3, which we use for file storage. This attacker had access to all of it. I was extremely lucky that in his rush to gain access to @jb, he didn't think to check if my account had anything under AWS.
Maybe it's all complaining by a bunch of Chicken Littles. The sky might not fall, although it can be ridiculously easy for someone with public information on you to crack into one account and use that information to get to others. And any one of those accounts will hold the keys, if not to an Amazon AWS connection, then to your Salesforce.com account or maybe your cloud-hosted financial books.
In any case, can you afford for a chunk of the sky to drop on your head? In each case, the difference between disaster and safety was attention by the target. Just how attentive are you?
ERIK SHERMAN | Columnist
Erik Sherman's work has appeared in such publications as The Wall Street Journal, The New York Times Magazine, and Fortune. He also blogs for CBS MoneyWatch.