A Swiss secure storage company has launched a creative cybersecurity awareness campaign to show how hackers gather personal data from social media.
The campaign by pCloud uses a fake influencer account on Instagram (@thealiceadams) to highlight how users unintentionally give away pieces of sensitive data through their bios and the content they post.
“Through what we share online, the pictures we post and the locations we tag, hackers and criminals can guess your password in seconds, putting your identity and your bank accounts at risk of being stolen,” said a pCloud spokesperson.
In one post from the mock account, the influencer reveals her date of birth by sharing an image of birthday balloons that spell out her age. Other seemingly harmless posts give away information commonly used in passwords and security questions, including her pet’s name, where she went to school and her favorite movie.
Additional posts emphasize the importance of checking photographs for sensitive data before sharing them. Captured in an image of the influencer at her desk is a post-it note upon which a password has been written. Another shot of the influencer dining at a restaurant features her credit card, revealing her bank details.
“You may be posting a picture of your birthday balloons, a heartwarming picture of your newborn baby or snapping that ‘picture perfect’ bar you spent the weekend at. But those seemingly harmless posts could actually be giving away security information that gives hackers access to all your accounts,” said pCloud.
Research performed by pCloud found that the most common themes for passwords that hackers are aware of include the last name followed by a number, date of birth, child or grandchild’s name and date of birth, pet name, place of birth and current place of residence.
Other popular password choices are Qwerty (the first letters on a keyboard), favorite films, foods and nicknames.
The company advised users to leave personal information out of their passwords and make their passwords long and nonsensical, making them more challenging for hackers to guess. It also recommended using different passwords for different accounts so that cracking one password won’t enable a hacker to access all accounts
