INDEX

Chapter 1. How Secure Is Social Media

Really?

Chapter 2. Loop Holes In Social Media

Like Instagram Facebook Twitter….
Etc.,

Chapter 3. Tools that can help hackers

to access your social media accounts.

Chapter 4. How can you access other's

social media accounts?
Chapter 1. How Secure Is Social
Media Really?
It is highly unlikely that anyone in the world is actively managing, or at least worrying about,
their social media security minute by minute. If you’re like most people, you use the same
password for all accounts. When you make a new account you probably slap the same
password on it without a second thought.

We’re here to tell you that “Password123” just doesn’t cut it anymore.

Some of you are thinking, “Only idiots would use that password. No one can guess mine.”
Well, some of the 50 most common passwords include birthdays, names, pet names, profanity,
and simple number combinations. Furthermore, only 18% of Americans regularly change their
social media password. Just one frequently used password could allow access to hundreds of
people’s personal information.

Are you rethinking your password yet?

1. Threats To Online Security

Bots are also becoming a problem with their guerilla tactics. Social media bots pose as
humans and can perform helpful tasks, such as collecting and sharing useful information.
However, pernicious bots can permeate social groups, eventually swaying public opinion. The
percentage of bot users on social media is increasing rapidly, possibly paving the way
persuasion en masse. What’s more is that bots are becoming so sophisticated that
distinguishing them from humans can pose a challenge.

There are thousands of hackers globally. These people have the technical skill to break into
companies’ secure digital data to obtain critical consumer information -- this is a cyberattack.
They can also develop malicious software, coined “malware”, that can take control of devices.
This is why you never want to click on links from questionable emails.

Important Facts
 Facebook has over 600,000 hack attempts every day. However, that number is miniscule
compared to the NSA’s (National Security Administration) 300 million attempted data breaches
every 24 hours. How can business giants protect their millions or billions of users’ private
information with this constant hacking bombardment?

Unfortunately, users don’t make it any easier. Even if you’re not very active on social media, simply
having an account can provide social media platforms a nice bundle of information, including your
name, mailing address, email, birthday, and phone number. For perpetual perusers and posters, 20
or more aspects of personal information are entrusted to social media platforms, such as signal
strength, location, address book, photos, and even credit card information.

Takeaway

As you can see, businesses are incorporating more and more cybersecurity measures. It is
vital to maintain the integrity of the company’s and user’s personal information.

However, as the Internet of things continues to grow, security measures will have to increase
in number, speed, and complexity. The number of connected devices and people at risk rises
at an exponential rate. This means that the number of attempted data hacks is unlikely to
decrease any time soon.

We suggest you check out the infographic below, created by Varonis, for more information,
and consider changing your password every once in a while.
Chapter 2. Loop Holes In Social
Media Like Instagram Facebook
Twitter…. Etc.,
The Social Media store a treasure-house of information about a person, and with increasingly
intelligent programs, hacking into this information is extremely easy. Artificial Intelligence (AI)
driven programs make it possible to derive information about a person’s likes, dislikes and
other personal data points. And every employee is a window to the organization he/she works
for. Content that is posted on the Facebooks and Twitters of the world, is out in the public
domain, for everyone to see and gain insights into the organization.

The Social Media have created a virtual world, in which people lose their inhibitions and post
intimate personal details about themselves. Hackers intelligently track these updates or “posts”
and devise cyber-attacks targeting specific people. For example, if a manager is seen posting
frequently about the latest iPhone, miscreants can create a phishing scam, talking about the
coolest iPhone cases. Since much of social media may be accessed on professional networks
or devices, not only the person, but his/her organization too runs the risk of a data breach.
Moreover, in this scenario, an initial interest level has already been verified, ensuring a high
probability that the person will click on the phishing email and be the victim of a data theft.
Data of various kinds, including organizational data is at risk.

The problem stems from the fact that social media have a large reach. Brands are especially
using them in a prolific manner to reach out to their customers. As the number of people using
social media increases, hackers have a wide range of victims to choose from and plan the
attack in a targeted manner. Moreover, even as an employee, someone may not think twice
about posting a professional update, considering it a “consumer grade” rather than a link to the
business or brand the person is associated with. Also, security mechanisms for social sites are
not too well defined or in control. For example, security measures such as a two-factor
authentication, email scanning and URL filtering, are totally bypassed, which may lead to grave
breaches of security protocol. Third party links that social sites such as Facebook lead to, may
not always be authentic and can trigger a cyber-attack. Attacks can thus take the form of
ransomware, in which the hackers manipulate the victim by using employment offers, asking
him not to disclose the event to the enterprise.

What is the implication of this on business? Consider a case, wherein, a research and
development employee out of sheer enthusiasm, posts about the completion of an important
project. Ideally, not to be disclosed, the company’s strategic secret is out in the open to
devour. Hackers can make millions by mining such strategic information and sharing it or
passing it on to the competitor. In a cut-throat business world, it is becoming increasingly
important to be wary of secrecy and confidentiality about future plans. Moreover, automated
posts such as sites that post on the user’s behalf are difficult to track always—the employee
may not even be aware that sensitive information has been shared.

How does one get past these threats? While the more popular social media sites such as
Facebook and Twitter, may have two-factor authentication, many users may have switched off
the functionality. Today, there is a blurred line that separates business from personal. Hence, it
is the responsibility of the organization to educate its employees about how to be safe and
secure on virtual platforms. Practices such as shared logins, sharing of passwords with others
are a big “No-no”. Being vigilant is the first and foremost defense. Any unusual changes to the
account or to the third party linked sites, must be highlighted. Another important consideration
is fake accounts, which can be the starting point for trouble—never accept friend requests that
are unknown.
 The threat is very real. Social media are being considered as an open platform for hackers to
wreak havoc. However, it is in the hands of the businesses and employees to be aware and
respond to any doubtful situations. Awareness and attention are the two most important
pre-requisites to prevent a social media hack.

Chapter 3. Tools that can help

hackers to access your social media
accounts.
There are two main attack vectors here: the company side and the user side.

The company side is the bit that the company controls, i.e. the hardware (e.g. servers) and software (including
source code, databases and all other digital constructs) of the website. This is what we would call a “server
side attack,” and especially with big companies, server side attacks are very difficult to pull off. Don't get me
wrong, there are vulnerabilities in the actual web apps themselves, but finding one is a once-in-a-blue-moon
thing.

It's much, much easier to attack the user directly and make them give up the credentials (knowlingly or
otherwise). There are a wide variety of different ways that you could get into a social media account with this
vector. I will list a few below, but there are many more:

Phishing (or potentially spear phishing). As another answer details, phishing is a social engineering based
attack where you send the targets an email designed to take advantage of them in some way. This is often
combined with a spoofed website, copied exactly and served to the targets (in this case, through the phishing
email), so that when the victims enter their credentials into the faked website they unwittingly send their details
to the attacker. A really good spoofed website will appear seamless, and might even log the user into the real
website automatically so as to avoid arrousing suspicion. If the attacker is particularly clever, they could
potentially even circumvent two factor authentification with this method. I should note that the difference
between phishing and spear phishing is simply the targeting: phishing is a scatter-gun style attack directed at
large a group of people, whereas spear phishing is an attack aimed specifically at a single (or small group) of
targets.
Malware keyloggers would be another good way of attacking social media accounts. If I can get a keylogger
onto your computer (which also means getting around your antivirus, if you have one) then I can see
everything you type, including usernames and passwords. Getting the keylogger onto your computer is
relatively simple and could be accomplished in a variety of ways, depending on how aware you are of potential
cyber threats. That said, this method would not allow an attacked to circumvent two factor authentification, so
it's limited in that regard.

If you've allowed your browser to save your passwords, an attacker could potentially access the cached
passwords and break into your account that way. This would be one of the first things I would try if I had
physical access to the target machine, although it's a lot lower down the list if the attack is to be done remotely
(although it could still be accomplished).

A man in the middle attack could also do the job. Combining this with cookie alteration might even be able to
bypass two factor authentification. Put simply, if an attacker intercepts your network traffic then they can see
everything you send and receive. SSL (HTTPS) does a lot to protect against this, but the attacker might get
lucky and capture something interesting. If, for example, they capture the cookie containing your session ID
(the thing that your browser gives to the website allowing you to stay logged in), the attacker could potentially
edit their own cookie to match, and trick the website into thinking that they are actually you.
True social engineering with a dash of OSINT. The attacker could sit down and work out a list of logical
passwords for you (potentially even using tools such as CeWL to analyse your social media). They might even
be able to trick you into giving them the password in conversation.

As I said, there are lots more options. The thing about hacking is that there are no fixed ways of doing things.
It's all about getting around protections that other computer scientists have put in place, and gradually working
your way into cracking the target open. No two systems will be exactly the same. Thus there are potentially
thousands of different ways to break into a social media account. Maybe only a few will work on you but others
will work on other people.

Chapter 4. How you can access

other's social media account?
Hacking social media accounts is something everyone wants to learn but is it very tough to hack servers of
Facebook ,Instagram etc to get the password ! Now no hacker even think of doing this !

THE BIGGEST VULNERABILITY EVER OF SOCIAL MEDIA PLATFORMS IS HUMANS . THEY CAN BE
HACKED BY TRICKING THEM INTO GREEEDS. *_*

In this article i will not be showing you how to hack step by step (*APOLOGIES*)
But a rough idea about how stuff works !

1. Let you want to hack your Ex’s Facebook id .

2. So the most important step is to collect every info about her , and her family , her interests , current
relationships!

3. Then you will need a phishing page!

CAUTION: Don’t ever go for free hosting and creating a phising page they will suspend your account . either
buy a hosting or if you are poor like me then go to shadowave.

shadowave provides a pre customized pages or you can customize by yourself depends on what social media
you want to hack.
4. Now you need to get her in trap. So use the information collected by you and sent a fake email , sms or the
best thing that i follow is to create a fake profile and message her using that id !

CAUTION: If you are using a fake id to make her fall in trap. First become her friend then make her believe in
you then send your links! she will definitely fall !

5. You can see the login details on victim area on shadowave or if you are using a paid hosting then in the text
file you made.