NBC News, Steve Wozniak, Sarah Palin - all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations. This Veracode infographic presents common social media hacks and explores how enterprises can mitigate the security concerns that stem from social media applications.

Infographic by Veracode Application Security

Barack Obama. Fox News. Britney Spears. Facebook. Dalai Lama. Lance Armstrong. What do all those people have in common? They’ve all had their Twitter accounts hacked. With social media more popular than it’s ever been, so are viruses, malware and scams. Social media users must be familiar with the basics of security to stay safe.

Definition of Terms

Understanding how to be safe in the social networking environment means knowing the terms and issues users face.  

Social Networking

  • The Big Four: Facebook, Twitter, LinkedIn, MySpace
  • Dozens More: Flickr, Google, Blogger, YouTube, Digg, etc.


The Perimeter

  • Social media lives “in the cloud,” which is more difficult to protect than traditional networks.


Viral Adoption

  • A system that evolves incrementally and gains momentum as it spreads.
  • The more interconnected we get, the more opportunity malware has to pop up.


Memes

  • The trending popular symbols, phrases and ideas.
  • Memes tend to “go viral.”


What is the Risk?

Social media is more than sharing information with friends and followers. It’s now ripe for viruses and attacks. So while social media is fun, there are risks.  


  • Core distribution of malware is through social media sites.
  • Why is social media ripe for malware?
    • Decentralized
    • Interconnected
    • Mobile
    • Easy Access to Data

  KoobFace - An example of recent malware on Facebook

  • KoobFace is a computer worm
  • It uses compromised computers to build a peer-to-peer botnet
  • KoobFace sent messages to Facebook users' friends lists
  • KoobFace posted messages on Facebook walls so other friends would click
  • It was reported that KoobFace generated over $2 million in revenue


Targeted Attacks

  • Can defame your brand by hitting your followers
  • Further social engineering efforts
  • Data disclosure
  • Primary point of entry into organization


Malware has a history of infecting Twitter and Facebook. But there are things users can do to minimize their risk.  

Timeline of Twitter Attacks

  • 4/2007: SMS updates vulnerable
  • 8/2008: Trojan download attacks begin
  • 2/2009: Clickjacking attacks begin
  • 4/2009: XSS worm released
  • 4/2009: Internal admin tool hack
  • 6/2009: Trending topic abuse begins
  • 7/2009: Koobface
  • 1/2010: Banned 370 passwords
  • 5/2010: Force follow bug
  • 9/2010: Mouseover exploits found
  • 9/2011: Of top 10 most followed, only 2 have never been hacked
  • 9/2011: script_kiddiez rampage


Trending Topics Attack

Hackers watch the Twitter trending topics

  • Create or hack an account and send out spam trend messages with virus-laden links
  • Users click and … ATTACK!


Protect Your Passwords

  • 30% of people have passwords less than 6 characters
  • 60% of people have only alpha-numeric passwords
  • 50% of people use slang words, names, dictionary words or consecutive digits
  • ?? Secret Questions -- easy to figure out
    • What does this mean? Passwords are easily hacked!
  • How to create a complex password:
    • Length: 8+ characters
    • Complex: letters, punctuation, symbols, and numbers
    • Variation: change passwords often (every 3 months)
    • Variety: Don’t use the same password for all your sites
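
An added example, not part of the Veracode infographic: a Python check that reports which of the weaknesses and complexity rules listed above apply to a password, and which sites share one. The sample wordlist, the function names and the choice of three digits as a "consecutive" run are assumptions made for illustration.

```python
import re
import string
from collections import defaultdict

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "britney", "letmein"}

def has_consecutive_digits(pw, run=3):
    """True if pw contains `run` digits counting up or down (123, 987)."""
    digits = [int(c) if c.isdigit() else None for c in pw]
    for i in range(len(digits) - run + 1):
        window = digits[i:i + run]
        if None in window:
            continue
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def audit_password(pw, words=SAMPLE_WORDS):
    """Return the weaknesses from the list above that apply to pw."""
    findings = []
    if len(pw) < 6:
        findings.append("shorter than 6 characters")
    elif len(pw) < 8:
        findings.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        findings.append("no letters")
    if not any(c.isdigit() for c in pw):
        findings.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        findings.append("no punctuation or symbols")
    # Strip leading/trailing digits and symbols so "dragon1!" still matches.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    if core in words:
        findings.append("dictionary word or name")
    if has_consecutive_digits(pw):
        findings.append("consecutive digits")
    return findings

def reused_passwords(by_site):
    """Group sites that share one password (the 'Variety' rule)."""
    groups = defaultdict(list)
    for site, pw in by_site.items():
        groups[pw].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
```

An empty list from `audit_password` means none of the listed weaknesses were found; it does not show that the password is unused elsewhere or absent from a larger dictionary.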


Top 5 Categories of Facebook Spam

  • Stalking -- 35%
  • Free stuff / social games (think Farmville dollars) -- 16%
  • Shocking Curiosities -- 14%
  • Features NOT offered by Facebook (poking) -- 13%
  • Games NOT offered by Facebook -- 8%
  • Other -- 14%


Modes of Protection

It’s a dangerous world in social networking. Take steps to protect yourself!

Social Media Vendor

  • Implement better anomaly protection
  • Better warnings and alerts
  • Lock accounts
  • Analyze shortened links
  • Fix passwords and security questions


The Enterprise

  • Monitor outbound traffic
  • Educate employees on Social Media safety and best practices


How YOU Protect Yourself

  • Be careful who you friend and follow
  • Avoid add-ons
  • Don’t assume Twitter and Facebook are scanning for viruses
  • Scrutinize Bit.ly links
  • Always use the current version of your web browser
  • Keep Windows OS and Adobe current
  • You’re not safe just because you’re a Mac user
  • Be wary of email to you from social networks



You don’t have to avoid all forms of Social Media to be protected. But you do have to be aware of malware and scams. Educate employees as well on Social Media safety and best practices to reduce your company’s risk from costly losses and identity theft.

Fergal Glynn joined Veracode in 2008. Fergal is currently responsible for lead generation activities including content marketing, blogging, search engine optimization, webinar marketing, social media, and optimizing the marketing and sales funnel. Fergal spent his first two years at Veracode as a Product Manager.