Our collective has dealt with over 14,000 data breach cases

Call free

What data breach risks do social media platforms pose?

What data breach risks do social media platforms pose?

Peter Hammond, GDPR Solicitor

Peter is a solicitor who has worked as a professional litigator for many years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.

There has been an increase in recent years in social media users’ concern about their privacy. Data breach incidents have alarmed many users and encouraged them to rethink not only their relationship with social media but also the security of their personal information. The many examples of data breaches that are tied to social media have steadily corroded public trust and led to a lot of users questioning whether they have lost control over their own data.

A recent study revealed that 80% of social media users are concerned about businesses and advertisers accessing and using their social media posts and details. Growing privacy concerns have prompted advocacy for tighter regulations and have made companies responsible for safeguarding personal data under more scrutiny.


What are the possible threats and risks to privacy on social media?

Cyber criminals are well versed in tricking social media users to hand over their sensitive information, stealing personal data, and gaining unauthorised access to users’ private accounts. Some typical threats that can be a risk to social media users are:

Data Mining

Everyone leaves a data trail behind them on the internet. Each time a person creates a social media account they provide their personal details which can include their name, date of birth, geographical location, and interests. Also, companies actively collect data on user behaviours i.e., when, where, and how users interact with their platform. This data is then stored and leveraged to better target advertising to their users. In some cases, companies will share their users’ data with third party entities, often this is done without the users knowledge or permission.

Phishing Attacks

Phishing is one of the most common ways for criminals to get sensitive information from you. Typically, they will contact you by an email, text message, or phone call and present themselves as a legitimate organisation. They then trick you into sending your personal data to them, including passwords, bank details, and credit card information. Phishing attacks can often pose as social media platforms. An example of this is in August 2019, a huge phishing attack targeted Instagram users by pretending to be a two-factor authentication system and pushed users to log in to a false Instagram page.

Malware Sharing

Malware is designed to gain access to computers and the data they contain and will be used to steal sensitive information, extort money, or profit from forced advertising once it has infiltrated the system. Social media platforms are an ideal delivery system for malware distributors. As soon as an account has been compromised, cybercriminals can take over and distribute malware to all of the user’s friends and contacts on the social media platform.

Bot Attacks

Social media bots are automatic accounts that create posts or follow new people whenever a specific term is mentioned. A large group of bots can form a network called a botnet. Bots and botnets are prevalent on social media platforms and are used to steal data, send spam, and launch DDoS (distributed denial of service) attacks that will allow hackers to gain access to people’s devices and networks.  


How can you protect your data on social media?

Millions of people around the world use social media everyday and with that there will always be the risk of your personal information falling into the wrong hands. However, there are things you can do to mitigate the risk of this happening as much as possible.

1) Close down accounts you don’t need and don’t open new accounts unless it is completely necessary

If you find yourself not using a social network, consider deleting both the account and the application from your devices, so there is no chance of any inadvertent data sharing: social media networks could in theory access all information and activity on your phone. Also, try to limit the number of social media networks you use so that your data isn’t spread out all over the internet.

2) Know your friends

On certain social networks like Twitter this is difficult, on Facebook, however, make sure you are only friends with people you know and trust and regularly review your friends list to limit who sees what you’re sharing.


3) Pay attention to your privacy settings

In the past privacy settings on social media have been lacking and difficult to navigate but companies like Facebook have slowly been making it easier to limit who sees your personal data to trusted friends, and Twitter and Instagram as well as other platforms give you the option to limit who can see your posts and who can follow you. You should also check your privacy settings regularly as there have been incidents of them suddenly and inexplicably changing.


4) Share as few identifying details about yourself as possible

Professionals like to use their name and place of employment to build a reputation on LinkedIn and other social platforms but if you can avoid doing this you should. Cybercriminals can guess your work email address or even your personal one with this information and launch targeted phishing attacks that will seem all the more credible with a description of your job that you likely provide on your profile. You should always make sure that your privacy settings are at a level that you feel comfortable with and only connect with people you have a professional relationship with.


5) Don’t use your social profiles to log into other websites

Even though it might be more convenient to click the “log in with Facebook” option instead of creating a new account, this exposes you to possible security risks that become more serious when you consider that every time you share your data across platforms you are pooling more and more into a single location. Be mindful that all of the Facebook data and any other data you have shared on other accounts using your Facebook credentials may be accessed by cybercriminals if the third-party site is hacked.


Social media platforms are a popular and common way to stay up to date with friends and family, but they do pose risks when it comes to data breach. Therefore, it is important to be aware of the risks and what you can do to minimise them as much as possible, so you can enjoy social media in the safest way possible.

Peter Hammond, GDPR Solicitor

Peter is a solicitor who has worked as a professional litigator for many years. More recently Peter has specialised in data breach compensation claims and over the last 2.5 years has gained a wealth of knowledge in this sector. Peter now works with us to share his knowledge and inform the general public.

We're ready to help you get the compensation you deserve

Alternatively, give one of our solicitors a call free on 0330 828 1764

Lines open 9am – 5pm Mon to Fri

Has your data been handled incorrectly?