Facebook Co-Founder, Chairman and CEO Mark Zuckerberg arrives to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. It was recently announced that the personal information of around 533 million Facebook users from 106 countries has been disclosed. (Photo: Chip Somodevilla / Getty Images)
Security researchers tend to believe Facebook when the social media giant says the data breach reported over the weekend is the same one it dealt with in 2019. But some argue that the situation shows why Facebook needs to rethink how it handles and secures personal information.
According to many published reports, the personal data of around 533 million Facebook users from 106 countries has been exposed. Facebook claims that “this is old data that was reported back in 2019.”
In fact, similarities between the information revealed in this leak and that revealed in the original Facebook leak in 2019 would suggest the record is the same, said Timothy Chiu, vice president of marketing at K2 Cyber Security.
“We have to take Facebook at its word that they have fixed the vulnerability, at least until there is a leak with other/newer information or they report something else,” said Chiu. “Assuming the data that is being published is the same – and this time for free – there isn’t really anything Facebook can do at this point.”
Ivan Righi, Cyber Threat Intelligence Analyst at Digital Shadows, added that while Facebook patched the vulnerability, exploiting it allowed cybercriminals to build a large database of data from millions of users. According to Righi, it’s no surprise that this data breach has surfaced again. Originally, the data was offered at a relatively high price, which limited the number of threat actors who would have been able to purchase the offer. However, it is likely that the breached data has been resold multiple times since then, until the price dropped enough that a user decided to publish it publicly for a small profit and to increase their reputation.
“This activity is common on criminal forums,” said Righi. “The data may be old, but it is still of great value to cybercriminals. It is likely that most of the phone numbers are still active and staying connected to legitimate Facebook users. Cyber criminals can use information such as phone numbers, emails and full names to launch targeted social engineering attacks such as phishing, vishing or spam.” With most users still working from home due to the pandemic, the attacks could also be effective if tailored to the victims, he added. For example, cyber criminals could send text messages to users posing as businesses or banks, including the person’s name in the text for credibility and including malicious links.
Charles Herring, WitFoo’s co-founder and chief technology officer, said Facebook’s business model of treating personal information like a commodity that is bred and then monetized leads to criminal efforts to steal those coveted records. This leads to ongoing ramifications, he said, including this leak of data that comes after the list of early buyers was exhausted.
“Facebook’s business principles created a record where they controlled who they sold it to, with limited restrictions,” Herring said. “The initial break made the data available to criminals who were willing to pay for it, and now it’s available to telemarketers, salespeople, debt collectors, stalkers, scammers and the rest of the world. These practices have made Facebook members more vulnerable than ever.”
Some parts of this article are sourced from:
www.scmagazine.com