Writer: Lorenzo Franceschi-Bicchierai First Published on techcrunch.com 4:30 AM PDT • August 26, 2024
Social Media Has been Hacked
More and more hackers are targeting regular people with the goal of stealing their crypto, perhaps getting into their bank accounts or simply stalking them. These types of attacks are still relatively rare, so there’s no need for alarm. But it’s important to know what you can do to protect yourself if you suspect someone got into your email or social media account.
A few years ago, I wrote a guide to help people protect themselves, and understand that most of the companies you have an account with already offer you tools to take control of your account’s security, even before you contact them for help, which some cases you still should do.
Here we break down what you can do on several different online services.
Just like in the previous guide, there’s an important caveat. You should know that these methods don’t guarantee that you haven’t been compromised. If you still aren’t sure, you should contact a professional, especially if you are a journalist, a dissident or activist, or otherwise someone who has a higher risk of being targeted. In those cases, the nonprofit Access Now has a digital security helpline that will connect you to one of their experts.
Another caveat, if you don’t do this already, you should enable multi-factor authentication on all your accounts, or at least the most important ones (email, banking, social media). This directory is a great resource that teaches you how to enable multi-factor authentication on more than 1,000 websites. (Note that you don’t have to use the multi-factor app promoted on that site, there are plenty of other alternatives.)
Increasingly some online services offer the use of a physical security key or a passkey stored in your password manager, which is one of the highest safeguards to prevent account intrusions that rely on password-stealing malware or phishing.
Gmail lists all the places your account is active
The first thing you should do if you suspect someone has broken into your Gmail account (and by extension all the other Google services linked to it) is to scroll all the way down in your inbox until you see “Last account activity” in the bottom right corner.
Click on “Details.” You will then see a pop-up window that looks like this:
A list of recent account activity on Google’s account page.Image Credits: TechCrunch
These are all the places where your Google account is active. If you don’t recognize one of them, for example, if it comes from a different location, like a country you haven’t visited recently or have never been, then click on “Security Checkup.” Here you can see on which devices your Google account is active.
Google’s Security Checkup Page, including a view that shows “where you’re signed in.”Image Credits: TechCrunch
If you scroll down, you can also see “Recent security activity.”
Recent security activity on Google’s Security Checkup Page.Image Credits: TechCrunch
Check this list to see if there are any devices that you don’t recognize. If in any of these places above you see something suspicious, click on “See unfamiliar activity?” and change your password:
Changing your Google account password.Image Credits: TechCrunch
After you change your password, as Google explains here, you will be signed out of every device in every location, except on the “devices you use to verify that it’s you when you sign in,” and some devices with third-party apps that you’ve granted account access to. If you want to sign out there too, go to this Google Support page and click on the link to “View the apps and services with third-party access.”
Removing third-party access to your Google account.Image Credits: TechCrunch
Finally, we also suggest considering turning on Google’s Advanced Protection on your account. This enhanced security protection makes phishing your password and hacking into your Google account even harder. The drawback is that you need to purchase security keys, and hardware devices that serve as a second factor. But we think this method is important and a must-use for people who are at a higher risk.
Also, remember that your email account is likely linked to all your other important accounts, so getting into it could turn out to be the first step into hacking into other accounts. That’s why securing your email account is more important than virtually any other account.
Outlook and Microsoft logins are in the account settings
If you are concerned about hackers having accessed your Microsoft Outlook account, you can check “when and where you’ve signed in,” as Microsoft puts it in the account settings.
To go to that page, go to your Microsoft Account, click on Security on the left-hand menu, and then under “Sign-in activity” go to “View my activity.”
Checking recent sign-in activity on your Microsoft account.Image Credits: TechCrunch
At this point, you should see a page that shows recent logins, which platform and device was used to log in, the type of browser and the IP address.
Checking recent activity on your Microsoft account.Image Credits: TechCrunch
If something looks off, click on “Learn how to make your account more secure,” where you can change your password, check “how to recover a hacked or compromised account” and more.
Microsoft also has a support portal with information on the Recent activity page.
As we noted above, your email account is the cornerstone of your online security, given that it’s likely that most of your important accounts — think social media, bank and healthcare provider, etc. — are linked to it. It’s a popular target for hackers who want to then compromise other accounts.
Keep your LinkedIn account locked down
LinkedIn has a support page detailing the steps you can follow to check if your account is logged into a device or location on the web, iOS and Android that you don’t recognize.
LinkedIn has a specific page on its website where you can check the places where you are logged in.
A screenshot showing all the places where your LinkedIn account is logged in around the web.Image Credits: TechCrunch
If you don’t recognize one of those sessions, click on “End” to log out of that particular session, and enter your password when prompted. If you click on “End these sessions,” you will be logged out of all the devices other than the device that you are using.
On iOS and Android, the process is the same. In the LinkedIn app, tap on your profile picture on the top, tap on “Settings,” then “Sign in & Security,” then “Where you’re signed in.” At that point you will see a page that is essentially identical to the one you can see on the web.
LinkedIn also has a security feature that requires you to confirm on your app if someone tries to log into another device.
A sign-in request notification on a LinkedIn account set up on an iPhone.Image Credits: TechCrunch
If you tap on the sign-in request notification, you will see a page that asks you to confirm that it was you who just attempted to log in. There you can confirm the login, or block the attempt.
A LinkedIn message detailing a sign-in request from another device.Image Credits: TechCrunch
Yahoo offers email tools to help
Like other email providers, Yahoo (which owns TechCrunch) also offers a tool to check your account and sign-in activity with the goal of allowing you to see any unusual activity that could be a sign of compromise.
To access this tool, go to your Yahoo My Account Overview click on the icon with your initials next to the email icon on the top right corner, and click on “Manage your account.”
Accessing your Yahoo account information.Image Credits: TechCrunch
Once there, click on “Review recent activity.” On this page, you will be able to see recent activity on your account, including password changes, phone numbers added and which devices are connected to your account, as well as their corresponding IP addresses.
Checking recent account activity on your Yahoo account.Image Credits: TechCrunch
Checking recent account activity on your Yahoo account.Image Credits: TechCrunch
Given that it is likely that you have linked your email address to sensitive websites like your bank, your social media accounts and healthcare portals, among others, you should make an extra effort to secure it.
Ensure your Apple ID is safe
Apple allows you to check which devices your Apple ID is logged in directly through the iPhone and Mac system settings, as the company explains here.
On an iPhone or iPad, go to “Settings,” tap your name, and scroll down to see all the devices that you are signed in on.
A screenshot on an iPhone showing all the logged-in devices on an Apple account.Image Credits: Apple
On a Mac, click on the Apple logo in the top left corner, then “System Settings,” then click on your name, and you will also see a list of devices, just like on an iPhone or iPad.
A screenshot on a Mac showing all the logged-in devices on an Apple account.Image Credits: Apple
If you click on any device, Apple says, you will be able to “view that device’s information, such as the device model, serial number” and operating system version.
On Windows, you can use Apple’s iCloud app to check which devices are logged into your account. Open the app, and click on “Manage Apple ID.” There you can view the devices and get more information on them.
Finally, you can also get this information through the web, by going to your Apple ID account page, then clicking on “Devices” in the left-hand menu.
A screenshot on a browser view showing all the logged-in devices on an Apple account.Image Credits: Apple
How to check Facebook and Instagram security
The social networking giant offers a feature that lets you see where your account is logged in. Head to Facebook’s “Password and Security” settings and click on “Where you’re logged in.”
Account login activity for a Facebook account.Image Credits: TechCrunch
In the same interface you can also see where you are logged in with your Instagram account, provided it’s linked to your Facebook account. If the accounts are not linked, or you just don’t have a Facebook account, go to Instagram’s “Account Center” to manage your Instagram account and click on Password and Security, and then “Where you’re logged in.”
Here you can choose to log out from specific devices, perhaps because you don’t recognize them, or because they are old devices you don’t use anymore.
Just like Google, Facebook offers an Advanced Protection feature as well as for Instagram, which essentially makes it harder for malicious hackers to log onto your account. “We’ll apply stricter rules at login to reduce the chances of unauthorized access to your account,” the company explains. “If we see anything unusual about a login to your account, we’ll ask you to complete extra steps to confirm it’s really you.”
If you are a journalist, a politician or otherwise someone who is more likely at risk to be targeted by hackers, you may want to switch on this feature.
It’s easy to see whether your WhatsApp is safe
In the past, it was only possible to use WhatsApp on one mobile device only. Now, Meta has added functionalities for WhatsApp users to use the app on computers, and also directly via browser.
Checking where you logged in with your WhatsApp account is simple. Open the WhatsApp app on your mobile phone. On iPhones and iPads, tap on the Settings icon in the bottom right corner, then tap on “Linked devices.”
There, you will be able to see a list of devices, and by clicking on one of them you can log them out.
Checking linked devices on a WhatsApp account.Image Credits: TechCrunch
On Android, tap on the three dots in the top-right corner of the WhatsApp app, then tap “Linked devices” and you will see a page that’s very similar to what you would see on Apple devices.
Signal also lets you check for anomalies
Like WhatsApp, Signal now lets you use the app via dedicated Desktop apps for macOS, Windows, as well as Linux.
From this screen of Linked Devices, you can tap on “Edit” and remove the devices, which means your account will be logged out and unlinked from those devices.
X (Twitter) lets you see what sessions are open
To see where you are logged into X (formerly Twitter), go to X Settings, then click on “More” on the left-hand menu, click on “Settings and privacy,” then “Security and account access” and finally “Apps and sessions.”
From this menu, you can see which apps you have connected to your X account, what sessions are open (such as where you are logged in) and the access history of your account.
You can revoke access to all other devices and locations by hitting the “Log out of all other sessions” button.
Looking at the logged-in sessions on an X account.Image Credits: TechCrunch
Looking at the account access history on an X account.
Securing your Snap account
Snap has a feature that allows you to check where you are logged in. A Snapchat support page details the steps you can follow to check. You can use both the app on iOS and Android, or Snapchat’s website.
On iOS and Android, open the app, tap on your profile icon, then the settings (gear) icon, then tap on “Session Management.” At that point you will be able to see a list of sessions your account is logged into. It looks like this:
Snap’s session management feature found in the iOS app.Image Credits: TechCrunch
On the web, go to Snapchat Accounts, then click on “Session Management.” There you will see a list of logged-in sessions that looks essentially the same as the image above. Both on the web and in the app, you can log out of sessions that seem suspicious or you don’t recognize.
Snapchat also has a security feature that alerts you on your phone when someone is logging into your account, whether it’s you or a would-be intruder.
A sign-in request notification on a Snap account set up on an iPhone.Image Credits: TechCrunch
TechCrunch tested this sign-in flow on different devices. The notification above may not display if you log back into a device you had already logged into. But if Snapchat thinks a login is “suspicious” — perhaps because the person logging in is using a different device or IP address — the app will show whoever is attempting to log in a new screen asking them to verify the phone number associated with the account, showing only the last four digits.
If the person attempting the login then taps “Continue,” the account owner will receive a text message on their phone number with a code, which prevents the other person from logging in.
However, you will only get this alert after the person has entered your correct password. That’s all the more reason to make sure you use a long and unique password, which makes passwords harder to guess, and enable multi-factor authentication with an authenticator app, rather than your phone number.
First published on July 14, 2024 and updated on August 26, 2024 to include Snap and LinkedIn.
Introducing Witstudio’s Comprehensive Services
In the digital age, where online security and privacy are more crucial than ever, organizations and individuals alike are seeking robust solutions to protect their online presence. Witstudio, a pioneering name in the cybersecurity and digital privacy industry, offers a comprehensive suite of services designed to safeguard personal and corporate data from evolving threats. As cyber-attacks grow in sophistication, Witstudio stands at the forefront, providing cutting-edge solutions tailored to meet the diverse needs of its clients.
1. Cybersecurity Consulting
At the core of Witstudio’s offerings is its Cybersecurity Consulting service, which provides expert guidance on securing your digital assets. This service includes risk assessments, vulnerability analyses, and tailored recommendations to enhance your security posture. Witstudio’s consultants work closely with clients to identify potential weaknesses in their systems, develop robust security strategies, and implement best practices to mitigate risks. Whether you are a small business or a large enterprise, Witstudio’s consulting services are designed to ensure that your cybersecurity infrastructure is resilient against threats.
2. Incident Response and Management
In the unfortunate event of a cyber-attack or data breach, Witstudio’s Incident Response and Management services are crucial. The company offers a rapid response team that is available around the clock to address and contain security incidents. Witstudio’s experts employ a structured approach to incident management, which includes identifying the source of the breach, containing the threat, eradicating malicious activity, and recovering compromised systems. Additionally, Witstudio provides post-incident analysis to help organizations understand how the breach occurred and how to prevent future incidents.
3. Security Awareness Training
Human error is often a significant factor in security breaches. To combat this, Witstudio offers Security Awareness Training programs designed to educate employees about cybersecurity best practices. These training sessions cover a range of topics, including phishing awareness, safe online behavior, and password management. By fostering a culture of security awareness, Witstudio helps organizations reduce the likelihood of successful attacks and ensures that employees are equipped to recognize and respond to potential threats.
4. Penetration Testing
Penetration Testing, also known as ethical hacking, is a proactive measure to identify and address vulnerabilities before malicious actors can exploit them. Witstudio’s penetration testing services involve simulating real-world attacks to test the effectiveness of your security defenses. The company’s skilled testers use advanced techniques and tools to assess the security of your systems, applications, and networks. Following the test, Witstudio provides a detailed report with findings and recommendations for strengthening your security posture.
5. Compliance and Regulatory Services
Navigating the complex landscape of cybersecurity regulations and compliance requirements can be challenging. Witstudio offers specialized services to help organizations comply with industry-specific regulations and standards, such as GDPR, HIPAA, and PCI-DSS. Their compliance experts work with clients to ensure that their security practices meet the necessary legal and regulatory requirements, thereby reducing the risk of penalties and legal issues.
6. Managed Security Services
For organizations looking to outsource their security operations, Witstudio provides Managed Security Services. This offering includes continuous monitoring, threat detection, and response managed by a team of security experts. Witstudio’s managed services ensure that your systems are monitored 24/7 for suspicious activity and potential threats. By leveraging advanced security technologies and expertise, Witstudio helps organizations maintain a high level of security without the need for in-house resources.
7. Privacy Protection Services
In an era where personal data is a valuable commodity, privacy protection is more critical than ever. Witstudio’s Privacy Protection Services focus on safeguarding sensitive information from unauthorized access and misuse. This includes data encryption, secure communication channels, and privacy audits to ensure that personal and organizational data is handled with the utmost care. Witstudio’s privacy experts help clients implement measures to protect their data and comply with privacy regulations.
8. Digital Forensics
When a security incident occurs, understanding the nature and scope of the breach is essential. Witstudio’s Digital Forensics services provide in-depth analysis to uncover evidence related to cybercrimes. The company’s forensic experts utilize advanced techniques to investigate compromised systems, recover deleted files, and trace the origins of the attack. This information is crucial for legal proceedings, incident resolution, and improving future security measures.
9. Cloud Security
With the increasing adoption of cloud computing, ensuring the security of cloud-based services is paramount. Witstudio offers Cloud Security solutions to protect data and applications hosted in the cloud. This includes configuring cloud security settings, monitoring for vulnerabilities, and implementing access controls. Witstudio’s cloud security services help organizations secure their cloud environments and manage risks associated with cloud computing.
10. Custom Security Solutions
Recognizing that each organization has unique needs, Witstudio offers Custom Security Solutions tailored to specific requirements. Whether it’s developing a bespoke security strategy, integrating specialized security technologies, or addressing unique challenges, Witstudio works closely with clients to deliver solutions that meet their precise needs.
Conclusion
As cyber threats continue to evolve, the need for comprehensive, tailored security solutions becomes increasingly important. Witstudio’s range of services is designed to address the diverse challenges faced by individuals and organizations in protecting their digital assets. From proactive measures like penetration testing and security awareness training to responsive services such as incident management and digital forensics, Witstudio provides the expertise and tools necessary to safeguard your online presence. By partnering with Witstudio, you can enhance your security posture, mitigate risks, and ensure that your digital environment remains secure and resilient against emerging threats.