Break-ups can be traumatic in many ways. Now it is known they can pose a serious cyber-security threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge — a handful for malicious reasons.
A survey of single people discovered ‘nearly a 3rd’ are still logging into their ex’s social-media accounts, some for revenge purposes.
The survey produced in Nov. for Reboot Digital PR Agency found that 70% of exes polled have logged into their former partner’s Instagram account in the past week. Also, a full 65% of those who report social-media snooping suggested it had become an “obsession.”
Stalking
This sort of social media stalking is primarily fuelled by ‘curiosity’, says the report, but in a few cases, these breaches can present a real threat.
“Most exes claim that they still log into past partners’ social-media accounts to ‘see if they have met someone new,’” according to Reboot’s report, “with 59% of participants admitting this was the main reason.”
Curiosity is one aspect, but worryingly,13% confessed they logged in to “seek revenge.”
Usual accounts for stalker exes to access, the report added, include Instagram, Netflix, Facebook, email, Spotify & Twitter.
Aware
The report explained that they found only 23% of accountholders were aware their former partners still had access.
It also discovered that many exes (32%) stop logging in about 6 months post-breakup, with others stopping around the 10-12-month mark (18%). Shockingly, however, 17% of participants admitted to logging into their ex’s social accounts 2 years after a breakup.
Exes’ Protection
Smart-security practices like not sharing passwords with anyone & multi-factor authentication (MFA) are 2 easy ways to prevent this type of personal insider threat, Dan Conrad, Field Strategist with One Identity, explained.
“People assume that they should change their passwords after a big life event, however, if you’re following strong password hygiene practices, an individual’s password shouldn’t be affected by this, as no one else should have access to the password in the 1st place,” Conrad observed in an email replying to the report.
“With many applications requiring MFA, passwords have become a part of the authentication process, making credentials no longer enough to break into an account,” Conrad commented.
He added that research shows that the more frequently users change their passwords, the weaker those passwords tend to become.
Personal Threats & Professional Ones
Much like at companies & other organisations, insider threats can impact individuals & their personal data. With the pandemic continuing the blur the lines between both, an ex’s data breach could quickly balloon into a serious professional problem too.
In a recent webinar on insider threats Craig Cooper, Gurucul COO explained how dangerous Insider Threats to business can be, including a threat player targeting a specific employee.
“The question is often: What might they be looking at? And often, when you are talking about insider threats on the physical side, it could be someone targeting a specific person,” Cooper commented.
“That is not very comfortable to think about, but that’s obviously something that could happen. This happens with workplace violence and those types of things.”
Problems
Employees with personal problems, e.g., breakup or divorce, have started to be identified by companies as “high risk,” for security breaches according to Code 42’s CISO Jadee Hanson who spoke last Mar. about this growing trend.
“There’s psychological studies that look at tone & language that employees use throughout the workday, & so if it’s negative in nature, the adversaries can absolutely take advantage of that and use that person,” Hansen explained.
Monitoring
She stated companies have started monitoring social media accounts of its key credential holders for potential insider threats.
“Following certain security people or certain people that have sort of elevated access,” she outlined. “What are they saying in a public forum & trying to exploit them? Just knowing that they’re more of a disgruntled employee rather than your average employee.”
Access Mitigation
Cooper, along with Gurucul CEO Saryu Nayyar, explained that the critical mitigation for businesses to protect from insider threats is paying meticulous attention to permissions & who has access to important data. The same advice, like the threat itself, also applies to personal accounts.
Beyond not sharing passwords to your accounts & using MFA whenever possible, Conrad stressed the importance of using strong, unique passwords for all accounts.
Password
“Instead of focusing on how often to change a password, it’s essential to focus on not only meeting complexity requirements but also ensuring the password is unique to each account,” Conrad warned.
“To help juggle passwords, people should use a reputable password manager as these systems generate complex passwords for each account, alert the users if accounts have the same password & interject complex credentials when required.
The bottom line is that how frequently you change a password isn’t as important as how strong your password is.”
