Social Media Privacy: Settings You Should Change

Quick Take

Your social media accounts are broadcasting more personal information than you realize, but fixing your privacy settings is actually straightforward once you know what to look for. Most platforms default to sharing widely because that’s how they make money — but you can take control with just a few settings changes that make a real difference in protecting your identity.

What This Actually Means for You

Social media privacy isn’t just about keeping your vacation photos away from strangers. Every piece of information you share — your full name, birthday, hometown, family members, workplace, check-ins at locations — creates a detailed profile that identity thieves can use to steal your identity or hack into your other accounts.

Here’s how this affects real people: Sarah posted about her high school reunion, mentioning her graduation year and maiden name. A scammer used that information, combined with her birthday (visible on her profile), to correctly answer security questions and reset her bank account password. Mark’s LinkedIn showed his job title and company, while his Facebook revealed his dog’s name and his anniversary date — all common security question answers that helped criminals take over his investment account.

Parents are especially vulnerable because family photos often include children’s full names, schools, and activities. But honestly, anyone who uses social media regularly should pay attention to these settings — platforms change their privacy defaults frequently, often making your information more public without clearly explaining the changes.

The biggest misconception? That setting your profile to “private” means your information is actually private. Most platforms still share significant amounts of data with advertisers, data brokers (companies that collect and sell personal information), and app developers. Plus, your “private” posts are only as secure as your friends’ privacy settings — when they comment on your post, their friends might see it too.

How It Works

Social media platforms make money by showing you targeted ads, which means they need to know as much about you as possible. They collect not just what you post, but also what you click on, how long you spend looking at posts, which profiles you visit, and even your location data when you use their mobile apps.

Here’s what typically happens when your social media privacy is compromised: Criminals start by gathering public information from your profiles across multiple platforms. They piece together details like your full name, birth date, family members’ names, pet names, schools you attended, and places you’ve worked. This creates a “social engineering” profile they can use to impersonate you or answer security questions on your accounts.

Sometimes the attack is more direct. If you’ve made posts about being out of town, you’ve essentially announced to potential burglars that your home is empty. If you post photos that include your address (like house numbers or mail), location tags, or even just distinctive landmarks near your home, you’re providing a roadmap to your physical location.

The chain of events often looks like this: oversharing on social media leads to successful security question attacks, which leads to email account takeover, which gives criminals access to password reset emails for your financial accounts. It’s rarely just one piece of information — it’s the combination that creates the vulnerability.

Data breaches make this worse. When social media platforms get hacked (which happens regularly), your private information can end up for sale on criminal marketplaces. That “private” data you thought was secure becomes ammunition for identity thieves.

Warning Signs to Watch For

Check your social media accounts monthly for these red flags that indicate your privacy settings aren’t working as intended:

You’re getting friend requests or messages from people claiming to know you, but something feels off about their profiles. This often means scammers are using publicly available information from your accounts to make their approaches seem legitimate.

Your posts are getting interactions from strangers — likes, comments, or shares from people you don’t know. This suggests your content is more public than you intended.

You’re seeing ads for very specific things related to recent private conversations or activities you haven’t posted about. While some targeted advertising is normal, eerily specific ads might indicate apps are accessing more data than you realized.

Friends mention seeing your posts or photos in contexts you didn’t expect — like their friends commenting on your content, or your posts showing up in their news feeds when you thought only close friends could see them.

You’re receiving spam or phishing emails that reference information you’ve only shared on social media. For example, scam emails that mention your pet’s name, your hometown, or recent activities you’ve posted about.

Your profile appears in search results when you search for your own name, even though you thought it was private. Try this regularly — search for your name plus your city, workplace, or other identifying information to see what comes up.

False alarms include getting friend requests from obviously fake accounts (they target everyone, not specifically you) and seeing generic targeted ads based on broad demographics. These are annoying but don’t necessarily indicate a privacy problem with your specific settings.

How to Protect Yourself

Start with these high-impact changes — they’ll give you the most protection for your time investment:

1. Lock Down Your Profile Visibility (Most Important)

On Facebook: Go to Settings & Privacy > Privacy. Set “Who can see your future posts” to Friends. Set “Who can look you up using your email/phone number” to Friends. Turn off “Do you want search engines outside of Facebook to link to your profile?”

On Instagram: Go to Settings > Privacy > Account Privacy and turn on “Private Account.” Under “How Others Can Interact With You,” limit who can tag you, mention you, and comment on your posts.

On LinkedIn: Click your profile photo > Settings & Privacy > Visibility. Set your public profile to show minimal information. Under “How others see your LinkedIn activity,” limit who can see your connections and when you’re online.

2. Review What’s Actually Public

Check your old posts — platforms often change privacy settings retroactively. On Facebook, use the “Limit Past Posts” feature to make old public posts visible to friends only. On Instagram, you’ll need to delete posts that are too revealing since there’s no bulk privacy change option.

Remove personal details from your bio and About sections. Your full birthday, hometown, relationship status, and family members’ names are goldmines for identity thieves. Keep it general — “Midwest” instead of your specific city, birth month and day without the year.

3. Control Location Sharing

Turn off location services for social media apps unless you specifically need them. On iPhone: Settings > Privacy & Security > Location Services. On Android: Settings > Apps > [App name] > Permissions > Location.

Review old posts with location tags and remove them. On Facebook, go to your Activity Log and filter by “Places.” Delete or edit posts that reveal your home, work, or regular hangout spots.

4. Manage App Permissions and Data Sharing

Review connected apps regularly. On Facebook: Settings & Privacy > Apps and Websites. Remove apps you don’t use and limit data sharing for the ones you keep. These third-party apps often have access to far more of your information than you realize.

Turn off ad tracking where possible. This won’t protect your privacy completely, but it limits how much data is shared with advertisers and data brokers.

Free Protections Everyone Should Have in Place

Use different profile photos across platforms so facial recognition can’t easily connect your accounts. Don’t use your real name on platforms where it’s not required — Twitter, Reddit, and TikTok don’t need your legal name.

Enable two-factor authentication on all social media accounts to prevent account takeover even if someone guesses your password. Use an authenticator app rather than text messages when possible.

Regularly Google yourself to see what information is publicly visible. Search for your name, phone number, email address, and home address to see what data brokers and people-search sites have about you.

When Paid Services Make Sense

Identity monitoring services like IdentityProtector.com are worth it if you’re active on multiple social media platforms, have children with online presence, or have already experienced suspicious activity. These services monitor the dark web for your personal information and alert you when your data appears in new breaches.

Paid data broker removal services can be valuable if you find extensive personal information in search results, but start with the free removal requests most sites offer before paying for automated services.

The 15-Minute Monthly Security Routine

• Check your privacy settings on each platform (2 minutes per platform)
• Review recent posts for oversharing (3 minutes)
• Look at friend requests and new followers for suspicious accounts (2 minutes)
• Search your name online to see what’s public (3 minutes)
• Update passwords for any accounts that haven’t been changed recently (5 minutes)

What to Do If It Happens to You

If you discover your social media privacy has been compromised or your accounts have been hacked, act quickly but methodically:

Immediate Steps (First 24 Hours)

Secure your accounts first. Change passwords on all social media accounts, enable two-factor authentication if you haven’t already, and log out of all devices. Most platforms have a “Log out everywhere” option in security settings.

Document the damage. Take screenshots of any suspicious activity, unauthorized posts, or evidence that your information has been misused. Save these with dates and timestamps.

Check your other accounts. If criminals accessed your social media, they may have tried to use that information to hack your email, banking, or other online accounts. Look for password reset emails or login notifications you didn’t initiate.

Who to Contact and in What Order

• Report to the social media platform first using their official reporting tools. This creates an official record and may help with account recovery.
• File a complaint with the FTC at IdentityTheft.gov if you believe your personal information was stolen or misused. This creates an official identity theft report you can use with banks and credit agencies.
• Contact your bank and credit card companies if you’re concerned about financial fraud. They can monitor for suspicious activity and place fraud alerts on your accounts.
• Place a fraud alert on your credit reports by contacting one of the three credit bureaus: Equifax (1-888-766-0008), Experian (1-888-397-3742), or TransUnion (1-800-680-7289). The bureau you contact will notify the other two.

Timeline and Recovery Expectations

Account recovery typically takes 1-7 days depending on the platform and severity of the compromise. Financial account security measures usually activate within 24 hours of your request.

credit monitoring and fraud alerts remain active for one year automatically, though you can extend them if needed. Keep documentation for at least two years — identity theft effects can surface months later, and you’ll need records to prove when the initial compromise occurred.

Full recovery from identity theft can take months if criminals opened new accounts or made significant financial transactions in your name, but social media privacy breaches alone usually resolve much faster with proper immediate response.

FAQ

Q: Is it safe to use my real name on social media platforms?
Using your real name isn’t inherently dangerous, but it does make you easier to find and target. If you choose to use your real name, be extra careful about what other personal information you share publicly.

Q: Should I accept friend requests from people I barely know?
No — your privacy settings are only as strong as your weakest connection. That acquaintance from high school might have lax security settings, making your “private” posts visible to their entire network.

Q: Can I really delete old social media posts, or are they saved forever?
While platforms may retain deleted data in their systems for some time, deleting posts does remove them from public view and makes them much harder for criminals to access. It’s worth doing even if the deletion isn’t technically permanent.

Q: How often should I check my social media privacy settings?
Monthly is ideal, but at minimum, review your settings every time you get a notification about policy changes or new features. Platforms often introduce new sharing options with permissive default settings.

Q: What’s the difference between a private account and just limiting who sees my posts?
A private account means strangers can’t see your posts at all without your approval to follow you. Limiting post visibility still allows anyone to see your profile picture, basic info, and potentially older posts depending on your settings.

Q: Are there social media platforms that are better for privacy?
Some platforms collect less data than others, but any social media use involves some privacy trade-offs. Focus on configuring whatever platforms you use rather than trying to find a perfectly private option.

Conclusion

Social media privacy doesn’t require giving up the platforms you enjoy — it just requires being intentional about what you share and who can see it. The most important step is simply reviewing your current settings, since most privacy issues come from platforms defaulting to oversharing rather than from sophisticated attacks.

Remember that privacy is an ongoing process, not a one-time setup. Platforms change their policies and introduce new features regularly, often with settings that favor sharing over privacy. A few minutes each month reviewing your settings can prevent months of headache recovering from identity theft.

For comprehensive protection that goes beyond what you can do manually, IdentityProtector.com monitors your personal information across the web, alerts you when your data appears in breaches or on criminal marketplaces, and provides expert support if you need help recovering from identity theft. While good social media privacy practices are essential, they’re most effective as part of a broader identity protection strategy that includes credit monitoring, dark web surveillance, and professional recovery assistance when you need it most.

Taking control of your social media privacy today means you can keep enjoying these platforms while protecting what matters most — your identity, your family’s safety, and your peace of mind.