Hacker recycles data from half a billion Facebook users

A rich cache of data from about 533 million Facebook users was posted to a hacker forum over the weekend and is practically free to download. The information comes from a data breach that took place in 2019, but was not generally available until now.

The data was posted on an English-speaking cyber-criminal forum called RaidForums by a hacker who goes by the handle TomLiner.

“The Facebook data was first put up for sale on RaidForums on June 6, 2020, but the initial sale reportedly charged users $30,000 in exchange for the data,” explained Ivan Righi, a cyber threat intelligence analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions.

“TomLiner’s post revealed the data for eight forum tokens – about $2.52,” he told TechNewsWorld. “The data has been unlocked by nearly 3,800 users, bringing TomLiner more than $9,500.”

Michael Isbitski, a technical evangelist at Salt Security, a Palo Alto, California-based provider of API security, added that at the time of that 2019 incident, Facebook reported that 220 million users’ data had been scraped before the company restricted access in the platform to protect users’ privacy.

“It is likely that this is in part the old dataset that has resurfaced and been combined with other scraped datasets as the number has now exploded to 533 million users,” he told TechNewsWorld.

Phone Number Flaw

In a statement provided to TechNewsWorld, Facebook said it is confident that the information posted is old data that stemmed from a weakness in the contact importer feature that was discovered and fixed in August 2019.

At that point, the company explained, it removed people’s ability to find others directly by their phone number on both Facebook and Instagram – a feature that could be exploited using sophisticated software code to impersonate Facebook and provide a phone number to find out which users it belonged to.

Using that software, it went on, it would have been possible to enter multiple phone numbers and, by running an algorithm, associate numbers with specific users.

Facebook never returned a phone number, it explained; the attacker provided the numbers to perform the pairing with.

This process made it possible at the time to request user profiles and obtain a limited amount of publicly available information, it added.

Playbook for ID Theft

While the data may be old, it still holds value to hackers, cyber security experts told TechNewsWorld.

Granted, the value of the data has diminished as a marketable asset, noted Andrew Barratt, head of solutions and studies at Coalfire, a Westminster, Colo.-based cyber security advisory service provider.

“But the data is still an out-of-the-box playbook for identity theft, impersonation and potential Facebook account takeover, often with far-reaching implications if Facebook accounts are used to access other sites or services,” he said.

“Look at the number of fitness tracking systems that record relevant health data that use a Facebook login to get in,” he added.

Righi noted that it is likely that most phone numbers are still active and will remain associated with legitimate Facebook users.

“Cyber criminals can use information such as phone numbers, emails and full names to carry out targeted social engineering attacks such as phishing, vishing or spam,” he said. “Since most users are still working from home due to the pandemic, these attacks can be effective if personalized to target victims.”

“Now more than ever, it’s important to seriously rethink the use of phone numbers as logins or sharing phone numbers with apps,” added Setu Kulkarni, vice president of strategy at WhiteHat Security, a San Jose, California-based application security provider.

“Switching phone numbers is inordinately tougher than switching email IDs,” he added.

Exploiting the Pandemic

Being in the middle of a pandemic could also add value to the recycled data from the Facebook breach.

“Having access to all data can be a gold nugget for criminals organizing large spam or phishing campaigns, many of which are tailored to pandemic themes – stimulus checks, masking policies, geographic restrictions or track and trace scenarios,” said Barratt.

“Whether it is more or less valuable is complex because of the general state of the world economy,” he continued.

“It may be more difficult to scam a person for a higher amount, but it may be possible to scam a greater number of people for smaller amounts that are ‘on trend’ from a pandemic perspective,” he explains.

Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, California, added that the global scale of the pandemic could be an asset to scammers armed with data from the Facebook breach.

“Each country is in different stages of struggle with the introduction of their Covid-19 vaccine, and cyber criminals can absolutely use this data to develop misinformation about vaccines,” she told TechNewsWorld. “nailheads already: Get your vaccine today – new vaccination center near you! Find out which of your neighbors have Covid-19. Choose which vaccine you get with our new app,” she described.

Daniel Markuson, digital privacy expert at NordVPN, a VPN service provider based in Nicosia, Cyprus, noted in a statement that his company discovered vaccine-related Google searches in the United States are up 1,900 percent since January.

“This shows that Americans are increasingly eager to get their Covid-19 vaccine and that it could be an easy target for hackers,” he reasoned.

Markuson added that Interpol in December issued a warning to law enforcement officials in 194 countries to prepare them for crimes involving Covid-19 vaccines, and that investigators have also reported vaccine-related activity on the Dark Web.

No Stranger to Breaches

Over the years, the social network has been the target of a number of major data breaches.

“Facebook has been hit by data incidents from every angle,” said Paul Bischoff, privacy attorney at Comparitech, a review, advice and information website for consumer security products. “It has left user data on exposed servers, enabled app developers to exploit access to user accounts, and left bugs in code that hackers could exploit to steal data,” he told TechNewsWorld.

“In addition, most Facebook profiles are public, which means that third parties can scrape them using bots,” he said.

“Data security and privacy were never high in the minds of the Facebook developers when they built the platform,” said Purandar Das, CEO and co-founder of Sotero, a data protection company in Burlington, Massachusetts.

“On the other hand, the platform was all about monetizing the users’ data,” he told TechNewsWorld.

“If you design products or platforms that start out with no regard for security and privacy,” he said, “it becomes very difficult to go back and adapt those capabilities afterwards.”