According to the information, among the leaked personal data were the mobile phone, email address, employment data, marital status, etc.
In recent days, Facebook and Linkedin have been in the news by uncovering the data leakage of more than 500 million users, in each one. at least 11 million users of Facebook and Linkedin have been affected, although the figure for this company is not yet known.
According to the information, among the leaked personal data were the mobile phone, email address, employment data, marital status, etc.
Obtaining this data, both on Facebook and Linkedin has been done through scrapping. It is not, therefore, a targeted attack violating the security of social networks, but it is a method that has allowed attackers to obtain information to use for malicious purposes.
Facebook case
Although the Facebook leak occurred in 2019, it is now that the data of millions of users have left the deep web, where it had been hovering for months at high prices and is accessible in popular cybercrime forums and for free.
From Facebook, they have issued a statement in which they speak of cybercriminals collected the information of users violating the terms and conditions of the social network, but that has not been the cause of a security breach.
It should be remembered that Mark Zuckerberg’s social network already accumulates several fines for privacy scandals.
Also Read: What Is Mobile Device Security?
Linkedin case
In the case of Linkedin, it came out a few days later thanks to CyberNews, who have located in a popular hacking forum a user who was offering a user database with 500 million LinkedIn users, 70% of the total users and As if that were not enough, as proof of its veracity, it has left 2 million profiles to consult previously at $ 2 per consultation.
From Linkedin, they have issued a statement claiming that there has not been a ‘leak’ as such. ” We have investigated an alleged set of LinkedIn data that has been put up for sale and determined that it is an aggregation of data from several websites and companies. It includes data from publicly visible member profiles that appear to have were pulled from LinkedIn. This is not a LinkedIn data leak, and no data from private LinkedIn member’s accounts have been included in what we’ve been able to review. ”
It is currently unknown if the author of the threat is selling updated LinkedIn profiles or if the data was taken or added to a previous breach suffered by LinkedIn or other companies long ago. Either by filtering or by aggregating data from different websites, the truth is that lists of data have come to light that has been put up for sale on RaidForums and ask for figures of at least 4 digits for the entire database. data.
What might a cybercriminal want this data for?
Although the filtered data is not excessively sensitive, it is useful for attackers to have a great deal of material to carry out phishing attacks, as well as carry out malicious campaigns via email or telephone, or even try to obtain the passwords of the personal accounts.
As we have recently commented on this blog, phishing attacks are a form of cybercrime that consists of sending emails that appear to be from a known provider but whose purpose is to manipulate and defraud the recipient and thus obtain confidential information. Therefore, the leaked databases could be used by cybercriminals for malicious purposes.
Also Read: Basic Security Issues When Using Email
What is scraping?
The scraping or scraping in English is at common Actica often relies on a software automated to raise public information on the Internet that may end up being distributed online forums like this.
This is another example of the ongoing and adverse relationship tech companies have with scammers who intentionally break platform policies to scrape Internet services.
Better to be safe …
Although both social networks have excused themselves claiming that they have not suffered security breaches, it seems they have a serious problem with the scraping of public data.
Given this, users can take some preventive measures, such as closing the display of our profiles to the general public.
In addition, it is advisable to change the passwords from time to time and of course not use the same one for different media.
If you have doubts about whether your data may be among those leaked, the cybersecurity expert Troy Hunt, investigating the matter, has obtained and collected much of the data and has enabled a portal where users can find out if they have been victims of the incident.