Commentators have warned for more than a decade that users of social media are vulnerable to scammers and cybercriminals. After more than two years of lockdowns and accelerated trends of working outside conventional offices, the threats are rising.

Social media is a security weak point which enables hackers and other cyberthreats to proliferate, a provider of virtual private networks (VPNs) warns. 

Atlas VPN, a firm founded in 2019, says data shows that 41 per cent of compromised records in 2021 originated from social media data leaks, up from 25 per cent from the previous year. 

With more people working remotely, a process accelerated by the pandemic, vulnerabilities potentially mount, with social media usage being a weak point. 

“Within the past few years, we have seen multiple large-scale data breaches involving companies like Facebook and Twitter. Yet, we rarely see the bigger picture,” the organization said in a blog post this week.

The article cited data based on the 2022 ForgeRock Consumer Identity Breach Report, which gathered data from various sources, such as the Identity Theft Resource Center's 2021 Annual Data Breach Report, IBM Ponemon, TechCrunch, Forrester Research, as well as UpGuard, and IdentityForce.

“Criminals can prey on business clients by posing as the company in order to obtain credentials. This is becoming especially prevalent since companies increasingly use social networks to communicate with customers…fraudsters frequently attempt to infiltrate businesses by leveraging mutual connections, which create a false sense of security,” the article said. 

“Moreover, people who overshare on social media make it simple for thieves to locate personal information that aids in company breaches,” it said. 

The article continued that another major source of leaked information is the retail sector, which accounted for nearly a quarter of all records breached in 2021. It cited figures from the US Department of Commerce Retail Indicator Division, showing that e-commerce sales surged by 50 per cent during the pandemic. Retail data breaches increased in frequency and severity during the same period. 

While the average cost of a retail breach was $2.01 million in 2020, it increased by 63 per cent to $3.27 million in 2021.

Regulators are taking note. For example, Morgan Stanley has been fined $200 million for “the use of unapproved personal devices” as well as inadequate record keeping requirements. In its second-quarter results statement, the US bank said, without naming WhatsApp specifically: “The firm’s expense efficiency ratio was 74 per cent, impacted by $200 million related to a specific regulatory matter concerning the use of unapproved personal devices and the firm’s record-keeping requirements.”

The fine on Morgan Stanley came after US regulators took similar action in December 2021 against JP Morgan, saying that managing directors and senior supervisors had used WattsApp or personal email addresses for work-related communications.

This publication was struck by how, during a Family Wealth Report summit in New York several years prior to the pandemic, a panellist was asked how to improve privacy protection and replied: “Delete your social media accounts.”

Concerns about social media have been aired for more than a decade. See this commentary from 2012, for example. 

The regulatory drive to foil cyberthreats continues, and is global. In June, for example, The Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) today announced additional measures to increase security for safeguarding customers from digital banking scams.