Facebook and LinkedIn Leaks, How Do They Affect Users?


According to reports, the leaked personal information included phone numbers, email addresses, work data, marital status, etc.

Cristina Cueto

13/04/2021


In recent days, Facebook and LinkedIn made headlines after data from more than 500 million users of each platform were leaked. In Spain, the leaks affected at least 11 million Facebook and LinkedIn users, although we don't know the exact figure for the latter.

According to reports on the issue, the leaked personal data included phone numbers, email addresses, marital status, etc.

These data were obtained through scraping. It was therefore not an orchestrated attack that breached the security of the social networks, but it is a method that allowed attackers to obtain information to use maliciously.

Facebook case

Even though the Facebook leak took place in 2019, it is only now that data from millions of users have surfaced from the deep web, where they had been circulating at high prices, and become accessible for free in popular cybercrime forums.

Facebook released a statement saying that cybercriminals had compiled user information in violation of the social network's terms and conditions, and that it was not caused by a security breach.

Still, we should remind you that Mark Zuckerberg's social network has already accumulated several fines for privacy scandals.

LinkedIn case

As for LinkedIn, the matter became public days later thanks to CyberNews, which found a user on a popular hacking forum offering a database of 500 million LinkedIn users, 70% of the total user base. As proof of its authenticity, the seller left 2 million profiles available to check, on payment of 2 dollars per check.

LinkedIn also released a statement claiming that there was no "leak" as such. "We investigated what are supposedly some of the data from LinkedIn up for sale and we concluded that they were actually data compiled from several websites and companies. They include data from publicly visible member profiles that seem to have been retrieved from LinkedIn. It is not a LinkedIn data breach, and no data from LinkedIn's private member accounts have been included, as far as we were able to check."

We don't know whether the author of this threat is selling up-to-date LinkedIn profiles or whether the data were retrieved and added to a previous leak suffered by LinkedIn or other companies some time ago. Whether through a breach or by gathering data from different websites, the fact is that the lists of data have become public and are up for sale on RaidForums, where sellers are asking at least four-figure sums for the whole database.

What would a cybercriminal want those data for?

Although the leaked data are not overly sensitive, they are useful to attackers, giving them plenty of material to carry out phishing attacks, run malicious campaigns by email or phone, or even try to obtain passwords for personal accounts.

As we discussed recently in this blog, phishing attacks are a form of cybercrime that consists of sending emails that appear to come from a known provider but whose real purpose is to manipulate and scam the recipient and thus obtain confidential information. Leaked databases could therefore be used by cybercriminals for malicious purposes.

What does scraping consist of?

Scraping is a common strategy that typically relies on automated software to retrieve public information from the Internet, which can end up being distributed in online forums like this one.

This is another example of the constant, hostile relationship between IT companies and scammers who intentionally break the platforms' policies to scrape Internet services.

Better safe...

Even though both companies excused themselves by claiming that they did not have security breaches, they seem to have a problem with public data scraping.

In light of that, users can take some preventive measures, such as making their profiles private so that the general public cannot see them.

In addition, it is also advisable to change passwords every once in a while and of course not to use the same one for different platforms.

If you have any doubts about whether your data are among those leaked, cybersecurity expert Troy Hunt, who has been investigating the issue, has retrieved and compiled most of the data and set up a portal where users can check whether they have been victims of the incident.

For greater security, at Uniway we offer training to company employees on good information security practices, so that they avoid falling victim to different scams and learn to protect their information against this type of incident.