Showing posts with label Cybersecurity. Show all posts

Sunday, October 6, 2024

Social Media Password Encryption Simplified

Social media password security is not a joke. After having my LinkedIn account hacked a week ago, I went full-mode on security protocols, enabling 2FA and ensuring that all log-ins on all online accounts are monitored and sent to my email.

But this incident also made me re-inspect cybersecurity, data protection and encryption. It made me realize how social media platforms are properly using these tools to protect their data and that of their users.

For those of you who spend more than half of your life online and who maintain social media accounts on almost all platforms, it’s important to understand how your social media platforms protect your data and your privacy. So, here are some simple basics on encryption. They will help you re-inspect your password security and be more aware of how to create stronger social media passwords. This is very important in an online world where hacking is real and a data breach is as real as your last heartbreak.

A pixelated hand pointing to the world security. This is about Social Media Passwords security to understand how you can protect your social media accounts and your personal data.

What is Encryption?

Encryption is turning readable data (called plaintext) into unreadable data (called ciphertext). This way, even if someone sees your data, they won’t be able to make sense of it without the key to unlock it. So, your plaintext social media password is turned into ciphertext when you enter it in a social media platform.

Here’s an easy way to think about encryption:

  • Plaintext: Your original password (e.g., "8%0409Pjk!").
  • Ciphertext: The encrypted version of your message (e.g., "XkP9!47z#1").
  • Key: The secret code used to turn the plaintext into ciphertext.
binary numbers in glowing green. This is about Social Media Password Encryption that protects your social media account

In the world of online encryption, different social media platforms use many different processes to encrypt your plain password, that is, to create ciphertext from it. What matters more is that you understand what the encryption process looks like and how social media platforms store your passwords. This is the most sensitive process, and it can make or break your data protection. Creating the ciphertext, storing it along with the key, and retrieving both is where a data breach is most likely to happen.

The Process of Social Media Password Encryption

Once the program reads your plain text social media password, it encrypts it using a special recipe, called an encryption algorithm, and a secret key.

Here’s how the program turns the plaintext password into ciphertext:

  • The algorithm is a complex set of instructions that scrambles the password.
  • The key is a secret code used to control how the password is scrambled.

So, if the algorithm is like a lock, the key is what turns the lock and scrambles your password. The output of this process is called ciphertext, which looks like random gibberish.

  • Example: If your plain text password is "MySecret123", after encryption it might look something like this: "4yQw7!zRp9$".
  • Ciphertext Password: This is the scrambled version of your password that no one can understand without the key.

Storing Your Social Media Password

Now that your password is encrypted, the program stores the ciphertext in a database or file. This way, even if someone breaks into the database and steals the passwords, all they’ll see is the gibberish ciphertext. The stored password would look like "4yQw7!zRp9$" instead of "MySecret123". No one, not even the program itself, can read the original password without the encryption key.

Retrieving your Password from the Storage

This is called decryption. It means using the key to turn the ciphertext back into your password. When you want to log back in to your account, the program needs to check if the password you entered matches the one stored in the database.

The process would be:

  1. You enter your password again, like "MySecret123".
  2. The program retrieves the stored ciphertext, "4yQw7!zRp9$".
  3. Using the same key that was used to encrypt the password, the program decrypts the ciphertext back into the original plain text password.
    • Decryption is like unlocking the scrambled message using the key.
  4. If the decrypted text matches the password you entered, the program knows it's the correct password.

  • Plaintext Password: "MySecret123" (original)
  • Ciphertext: "4yQw7!zRp9$" (stored in the database)
  • Decryption Key: The secret code that turns the gibberish back into "MySecret123".
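The store-and-check flow above, as an added example that is not from the original post. It swaps the reversible encryption described here for a salted one-way hash (scrypt from Python's standard library), so the login check recomputes the hash instead of decrypting and no decryption key has to be stored; the `users` table, function names and cost parameters are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed cost parameters (not from the post): about 16 MiB of memory per guess.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024

def _derive(password, salt, n, r, p, length=32):
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=MAXMEM, dklen=length)

def hash_password(password):
    """Return the string that goes into the database instead of the password."""
    salt = secrets.token_bytes(16)          # fresh random salt per user
    digest = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the hash from the login attempt and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        expected = bytes.fromhex(digest_hex)
        if scheme != "scrypt" or not expected:
            return False
        actual = _derive(password, bytes.fromhex(salt_hex),
                         int(n), int(r), int(p), len(expected))
    except ValueError:                      # malformed or tampered record
        return False
    return hmac.compare_digest(actual, expected)

# Constructed stand-in for the platform's user table.
users = {}

def register(username, password):
    users[username] = hash_password(password)

def login(username, password):
    record = users.get(username)
    if record is None:
        # Unknown user: still do the expensive work so timing does not reveal it.
        hash_password(password)
        return False
    return verify_password(password, record)

if __name__ == "__main__":
    register("alice", "MySecret123")
    register("bob", "MySecret123")
    print(users["alice"] != users["bob"])   # same password, different stored records
    print(login("alice", "MySecret123"), login("alice", "mysecret123"))
```

Because every record carries its own random salt, two users with the same password get different stored values, and a stolen table has to be attacked one record at a time.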

Advanced Encryption Standard or AES

Now that you have a fair understanding of the encryption, storage and decryption process that social media platforms use for your passwords, it’s time to explain more about the key. Different algorithms use a key in different ways to encrypt or decrypt your social media password, so we need to go over that first for you to understand the encryption key.

Large screen with binaries and numbers. This is about Social Media Password Encryption Processes

There are standards and advanced systems of encryption/decryption available. One of the most powerful algorithms is the Advanced Encryption Standard, or AES. How does it work?

  • Step 1: Break your message into pieces. AES splits the message into small chunks or blocks.
  • Step 2: Scramble each piece multiple times. AES scrambles each block of the message multiple times. These repetitions are called rounds.
  • Step 3: Use a secret code. AES uses a secret code, called a key, to control how it scrambles and unscrambles your data.

The AES Encryption process

  • AES uses an encryption key that is 128 bits, 192 bits, or 256 bits long. Bits are like tiny puzzle pieces. The longer the key, the harder it is to crack. So compared to a 128-bit key, a 256-bit key is harder to crack.

  • AES takes your data and divides it into chunks called blocks. Each block is 128 bits (which is just a way to measure the size). So, if your password is "MySecret123", AES breaks it into manageable pieces.

  • AES doesn’t scramble your data just once. It scrambles it multiple times using different transformations:

    • SubBytes: It replaces each byte (tiny piece of data) with another byte from a predefined table.
    • ShiftRows: It shifts the rows of the data, making it even more scrambled.
    • MixColumns: It mixes up the columns of data.
    • AddRoundKey: AES also adds a part of the key to make sure the scrambling is linked to the secret code.

The number of rounds depends on the key length. The stronger the key, the more rounds the data goes through. So, a 256-bit encryption key needs more rounds and takes longer to encrypt.

If My Social Media Passwords are Encrypted, Why Should I Worry?

Yes, social media platforms encrypt your passwords. But that doesn’t mean they are unbreakable. As you can see, algorithms have processes to follow, and when someone explicitly wants to break your password by doing a try-it-all process (brute force attack), it is possible. In principle, no password is unbreakable; breaking your password is just a matter of time. So, the technique? Create a social media password that is long enough and complex enough in its combinations to make it hard for hackers to steal. According to Hive Systems, an 8-character password with a combination of uppercase and lowercase letters, numbers and symbols can be cracked in 7 years. No hacker in his right mind would even try to crack a password of this kind. He'll die trying.

A smartphone that shows a Twitter logo. This is about Social Media Password encryption

But remember, this goes for social media passwords that do not form patterns like ABC, 123 or common words like PASSWORD. Make your passwords hard to guess. Avoiding patterned words, letters or numbers makes it harder for hackers to guess. Use random and complex combinations. Also, most social media platforms provide 2FA and security questions. Enable these to ensure additional protection.
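A small check for the two points above, length and character mix on one side and guessable patterns on the other (added example, not from the original post). The word list is a constructed sample and the function names are assumptions; it reports the size of a full try-it-all search in bits and flags the ABC/123/PASSWORD style patterns that let an attacker skip that search.

```python
import math
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "linkedin")

def charset_size(password):
    """Size of the alphabet an attacker must cover for the character types used."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32))
    return sum(size for chars, size in classes if any(c in chars for c in password))

def search_space_bits(password):
    """log2 of the number of candidates in a full try-it-all search."""
    size = charset_size(password)
    return round(len(password) * math.log2(size), 1) if size else 0.0

def has_run(password, run=3):
    """True for `run` ascending, descending or repeated characters (abc, 321, aaa)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def assess(password):
    lowered = password.lower()
    findings = [f"contains common word '{w}'" for w in COMMON_WORDS if w in lowered]
    if has_run(password):
        findings.append("contains a 3-character sequence or repeat")
    return {"bits": search_space_bits(password), "findings": findings}

if __name__ == "__main__":
    for sample in ("8%0409Pjk!", "Password123", "abcdefgh"):
        print(sample, assess(sample))
```

"8%0409Pjk!" (the post's plaintext example) and "Password123" come out at the same nominal 65.5 bits, but only the second has findings, which is why pattern checks matter more than the raw count.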

Cybersecurity is a serious concern. Threats are everywhere, especially with how humans are using Artificial Intelligence to exploit loopholes in weak cybersecurity measures. Don't become the next victim of cybersecurity attacks. 

Remember, your social media password can be stolen and used to exploit and scam others. Don’t let it happen to you. Make sure your passwords are hacker-proof: use the right combinations and length. Change them as often as possible.

Sunday, September 29, 2024

How I Reclaimed My Hacked LinkedIn Account

A man holding a laptop that says You have been hacked. This shows about getting LinkedIn account hacked

Hacked LinkedIn account on a Saturday morning. On a weekend that should have been spent chilling. Picture this: you roll out of bed, do a few stretches to loosen some muscles, check emails, and casually open LinkedIn, only to be hit with a shocking sight—hacked LinkedIn account! Your profile is now an alternate version of reality. Your job experience? Poof, gone. Your photo? Replaced with a funny face with too much makeup applied to it. And everything is written in Chinese! I've never felt that irritated seeing Chinese characters populating every corner of my LinkedIn profile. And I thought I had all the cybersecurity loopholes fixed for me!

The Horror Unfolds

It all started on a regular Saturday, just like any other, when I realized my LinkedIn profile had been hijacked. My carefully curated professional history had vanished into thin air, replaced by… nothing. My profile picture had morphed into the ridiculous face of a stranger, and the entire page was now in Chinese. I couldn’t help but feel like I had been thrown into a parallel universe where my career just didn’t exist.

The LinkedIn Hacked Account Recovery Mission

But instead of panicking, I channeled my inner detective and prepared to reclaim my hacked LinkedIn account with a smile (and a pack of chilled lasagna). Here's how the great LinkedIn comeback unfolded:

1.  Activate Two-Factor Authentication (2FA): Step one was enabling 2FA, which added a secret handshake to my LinkedIn login. Now, anyone trying to access my account would need not just my password but also a code sent to my phone. Extra security for the win!

2.  Rebuild My Profile (The Hard Way): With 2FA locked and loaded, it was time to do the painstaking work of manually rebuilding my profile. Think of it as writing my career autobiography from scratch. I reset the language back to English, swapped out the fake photo for my own, and started adding my job experience one by one. Annoying? Yes. But also a fun walk down memory lane. So, that’s goodbye to a hacked LinkedIn account and hello to a better profile.

3.  Create a Stronger Password:  I went full fortress mode with a new, super-strong password, mixing in letters, numbers, and symbols like a hacker-proof cocktail.

Why Did It Happen?

Turns out, I’m not the only one who’s been through this digital nightmare. LinkedIn hacks aren’t just the stuff of tech folklore—they’re a real and present danger. In 2012, there were over 6.5 hacked LinkedIn accounts. Fast forward to 2021, and data from 700 million LinkedIn users was found up for sale on hacker forums. Thankfully, LinkedIn has since beefed up its security, encouraging all of us to enable 2FA and embrace strong passwords like true cyber warriors.

Alright, I did not activate 2FA before, so it must really have been that easy to get hold of my account. So, how did my account get caught in this mess? Well, here are a few possible culprits:

  • Weak Passwords: I must have clicked a fake link associated with my LinkedIn account so that I practically invited hackers into my profile. 
  • Phishing Scams: Those shady emails asking for personal details? Yes, clicking on them can hand hackers the keys to your account.
  • Data Breaches: If a site you use gets hacked, and you’ve used the same password for LinkedIn, congratulations—you’ve just given hackers a shortcut to your profile. 

But, really, I am still confused as to how my account got hacked. I have a unique password for LinkedIn and I also did not click on any dubious links. I am planning to do an online activity audit on my laptop to check for any suspicious activities before the Saturday hacking incident. Maybe this would answer the questions that are still hanging in the air for me. Until then, I am more bent to believe that my hacked LinkedIn account must have been because of a data breach similar to the 2021 incident.

And, I should read up on cybersecurity best practices because after this, I feel like I have turned rusty from the core. I keep asking myself what I have missed out and that this happened to me. 

Tips to Avoid Future Hacked LinkedIn Account

To keep a LinkedIn account from becoming a hacker's next target, follow these tips:

  • Enable 2FA: Always add that extra layer of security.
  • Use Strong, Unique Passwords: No more reusing passwords across multiple sites.
  • Watch Out for Phishing: Be skeptical of suspicious emails and never click on shady links.
  • Regularly Update Passwords: Refresh your passwords periodically to stay ahead of hackers.

Reclaiming my hacked LinkedIn account was frustrating, especially since I had to manually type my whole professional experience. But, it taught me a valuable lesson: online security is no joke. So, if you ever find yourself in a similar situation, stay calm, enable 2FA, and rebuild your profile like a pro. In the end, every adventure—digital or not—has its highs and lows, and this one was nothing short of a rollercoaster.

Additional Reminders to Never Lose Data in Case of Hacking

I had a hard time recovering my profile data after it was hacked. So, you might want to do the following to avoid losing information: 

  1. Back Up Your Data. Whatever articles or images you post on social media, make sure you have them backed up. Google Drive is a nice tool for your files.
  2. Download Your LinkedIn Profile. This is a very helpful way to keep your data safely tucked away. Just go to your profile, click on the Resources button and choose Save to PDF.
  3. Download Your LinkedIn Videos. You can use ClipGrab for this. ClipGrab is free so you should not have any problems.
  4. Save a Copy of Your Data on LinkedIn. This lets you save all your articles, posts, profiles, connections and recommendations. Select whichever you think is necessary.

This is a screenshot of the Save a Copy of Your Data in LinkedIn. It is a helpful tool to use so that, in case your account gets hacked, you'll still have your data intact.


The possibility of losing data is part of our online life. Cybersecurity risks are part of it all. With advanced hacking tools that exploit Artificial Intelligence to find loopholes in cybersecurity measures, it becomes easier for hackers. And once we become victims of these attacks, they can harm our online content in ways we do not expect. The best way to make sure it won't be lost is to do the steps above. No matter how careful you are and how closely you follow the rules on online security, sometimes there are people who just know how to get around cybersecurity loopholes. They have advanced tools, and when we miss out on important aspects, we become vulnerable. So, to protect yourself further, back up your data and live your life online worry-free.

Sunday, June 30, 2024

The rise of hacking in the Philippines: Is it a political attack?

It shows a man in a hooded jacket in front of a laptop doing hacking activities

Three years ago, vulnerabilities in the BDO online banking system were targeted. Reports claim that its one-time password generation was easily breached by hackers and around 700 accounts were compromised. 3 Filipinos and 1 Nigerian were indicted for violations of Republic Act 8484 (Access Devices Regulation Act of 1998) and RA 10175, the Cybercrime Prevention Act of 2012.

But persistent hackers were undeterred. Bangko Sentral ng Pilipinas claimed a surge of 2,324% in hacking and malware attacks while phishing increased to 320%. The COVID-19 pandemic created a boom in online banking transactions and hackers saw this as a great opportunity to launch their attacks. The attacks penetrated many layers of security and introduced several more sophisticated attacks. It brought forward the dreaded question: Is it safe to entrust personal details online?

Attacks on government agencies, in which hackers used brute-force and other sophisticated attacks, were mostly thwarted. No hacking damage ever exceeded the 2006 Commission on Elections hacking, in which the biometrics of 200 million Filipino voters were compromised. The hacking would cause significant doubt about the integrity of the succeeding 2007 National Elections.

The attack on BDO accounts has bolstered online banking security in the country. No attack has caused damage that large since then.

Nonetheless, the attacks should never be taken lightly. It is only proper to put forward the number one concern of many Filipinos. After all, Filipinos dominate online usage in Southeast Asia. 

China is doing it?

There are speculations that the rise in hacking attacks is political. Analysts claim that hacktivists in collaboration with foreign entities are trying to undermine the Philippine government through these attacks. Theories of this kind have sprouted which were made worse by the successive discoveries of spy equipment and hacking tools in POGO raids in the last 2 years. Senate inquiries into the POGO operations and persona of a small-town mayor Alice Guo have largely sensationalized this theory.

China, which is pointed to as the main culprit behind the attacks, has denied the allegations, but the Department of Information and Communications Technology (DICT) asserts that China IP addresses were linked to the hacking attacks.

While the DICT is quick to admit that the China IP addresses are not actual proof that China perpetrated the attacks, it reiterates that the hacking was carried out on Chinese soil. At a 2022 meeting in the US between Southeast Asian leaders and US President Joe Biden, a security alert said that China was hacking its neighbors to support its economic campaigns in the region and to secure control of its territories.

Cyber security and political analysts in the country also share the same analysis given the increasing tension between the Philippines and China in the West Philippine Sea. This is aside from the economic interests that China is deemed to protect within the country. The Philippines highly depends on Chinese manufacturing, business opportunities, and economic aid.

Assuming that these attacks are political then the Philippine government is going to have to brace itself for more sophisticated attacks. The DICT should always be ready for the next attack with stronger security infrastructure and continuously improve security measures, never allowing hackers the opportunity to abuse online security weaknesses.

The Important Thing to Do

While it is easy to point fingers, it is more important to be informed about how new and more sophisticated attacks are carried out and how to avoid becoming an unwitting victim.

1.  Never fall victim to the GCash Scam Page. It is a fake GCash application. Through the fake application, hackers gained access to login details including passwords and mobile identification numbers, thereby gaining access to GCash accounts. Make sure you update your mobile application on official sites. Be wary of fake alerts for application updates or login verification.

2.  Never re-use usernames and passwords. As much as possible, use a unique username and password for each of your social media, bank and online payment accounts. Should a breach happen in one of your accounts, you can simply report it and initiate immediate security action without having to worry about your other accounts.

3.  Never access unsecured websites and links.

4.  Use an encrypted internet connection. Always make sure that you use a secure and private internet connection to keep your personal data from being stolen.

5.  Always be updated. The internet is a vast source of knowledge. Always be informed of the latest security threats so you will know how to handle them and avoid becoming prey.