Nowadays, many individuals live their lives through social media. While this may seem harmless, check out  security breaches that involved social media sites giving out your private information, from usernames and passwords, to phone numbers and more. Just last year there were 5 major security breaches that took place, affecting more than 100 million users worldwide. Companies such as LinkedIn, Yahoo!, Twitter, AOL and eHarmony were involved. Here’s what you should know.

LinkedIn

Near the end of May, early June 2012, LinkedIn experienced an attack, where 6.5 million user passwords were released.  For those who don’t know, LinkedIn is a website where business professionals reach out to others for recruiting and networking purposes. Apparently, it was discovered that the user passwords were stored in plain text as opposed to being encrypted by means of ‘hashing’ where passwords are mashed up using mathematical algorithms and stored in an encoded version. A more secure way to protect passwords is through what’s known as ‘salting’ combined with hashing.  Again, something LinkedIn failed to do to protect its users.  A spokesperson for LinkedIn, Julie Inouye, would not comment on when LinkedIn did begin using hashing and salting and why these measures were not taken in the beginning. {New York Times}

Yahoo!

 Shortly after the discovery of the LinkedIn security breach, Yahoo! users experienced their usernames and passwords being hacked into.  According to {CSO} an online security and risk informational site, Yahoo! failed to also encrypt their usernames and passwords and more than 400,000 users were affected. Yahoo! spokespeople deflected the attack, commenting that it was their Contributor Network, a subset of Yahoo!, and an older data file, further commenting that less than 5% were actually valid passwords. Regardless, this is not the type of protection users deserve and should consider moving on.

Twitter

Twitter uses were actually hit twice last year, both in May and then again in November.  {CNN Money} reported just a few days after the event, that the affect accounts were mostly spam accounts. Fortunately, Twitter was one company who admitted their wrong and took precautions to prevent this type of thing in the future.  Robert Weeks, Twitter spokesperson, said, “We are currently looking into the situation.  In the meantime, we have pushed out password resets to accounts that may have been affected.”  Unfortunately, what they tried to do apparently didn’t work, because in November Twitter accounts were hacked again. This time Twitter claimed that this was due to third-party applications that may be associated with individual Twitter accounts. They sent emails to affected accounts that they were resetting their password, recommending they review Applications and remove any they don’t recognize {USA Today}.

AOL

The affected AOL accounts were actually a subset of users connected with the Yahoo! security breach and approximately 25,000 email addresses were listed. Also included in this were Gmail, Hotmail and Comcast accounts, to name a few. The company responsible for the hack-job was D33D Company, apparently sees themselves as vigilantes, taking on large companies who’s information is easy to hack. They left this footnote at the tail end of the data listed, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.” {NY Times Bits Blog}

eHarmony

eHarmony usernames and passwords appeared to have been hacked by the same group of hackers that attacked LinkedIn, the eHarmony breach happening only shortly after. eHarmony had more than 1.5 million individual accounts hacked into and the information leaked online. Becky Teraoka, a communications manager for eHarmony, released this statement, “As a precaution, we have reset affected members’ passwords.” This was in response to the idea that they were investigating the situation based on “reports of compromised passwords.” {digital spy}

Although these types of breaches are quite frightening, many people do not take the proper precautions to protect themselves against this type of information leak. {Dashlane.com} posted a blog about this exact type of thing happening. They even commented that they had conducted a poll on who users felt about the security of their information online, which resulted in surprising realizations.

According to the survey, even though individuals are frightened about their information being hacked, they still don’t follow the self-protection rules. In fact, there were about 69% of individuals who reuse the same password, about half of whom who don’t change passwords regularly and about 36% of that half who store personal information, such as credit card numbers, on some site just for the convenience!

Hackers are out there just waiting to take your information away from you, steal your identity and cause you harm – mentally and financially. As you can see, even large companies you “trust” don’t protect your information using the safest, simplest and sometimes free measures they have the ability to implement.