500 million users each on Facebook and LinkedIn had personally identifiable information (PII) leaked onto dark web forums. On Saturday, April 4, Business Insider published a report indicating that more than 530 million users had data published on these forums, and on Wednesday, April 7, Cyber News released a report showing that LinkedIn data had been scraped and bundled for sale in the same fashion. Both Facebook and LinkedIn publicly stated that no portion of their sites was breached in any form. Although neither Facebook nor LinkedIn disclosed a breach, the fact that this much data could be collected at such a massive scale should still concern businesses. Here’s what happened and how this information can be leveraged.
In the mass collection, the data included full names, email addresses, phone numbers, workplace information, job titles, and more. Threat actors used Facebook's “Find My Friends” feature after realizing they could load phone numbers into the database: Facebook would assume the numbers belonged to friends and ultimately return the information of other users. Facebook claims the information that was obtained is older than September of 2019.
How can this impact business?
Since at least 70% of Americans use various social media platforms, it’s likely that some of your employees' information was included in this data scrape. Through these platforms, threat actors may target some of your employees with scams. If they’re able to compromise accounts belonging to your employees, the fallout could be damaging. They may use the compromised accounts in social engineering schemes against some of your trusted clients, partners, or even other employees.
Business social media accounts are often accessed and controlled through employees' individual accounts, so there is concern surrounding the compromise of those accounts. In the past, access to personal social media accounts has been used to gain access to linked business accounts, either to post on the business's behalf or to use the business to further attack end clients. This results in a break in trust from end clients as well as the potential for future litigation.
An example of a phishing email may be an unexpected message claiming you need to change your account password because of unusual activity. These emails appear to be legitimate because the threat actors create a form email that replicates those from Facebook or LinkedIn. If they’ve scraped your email address from other compromised social media accounts, they can have your contact information already filled in, causing confusion and ultimately getting you to enter your credentials as they proceed to take over your account.
Fraud from this type of attack depends only on the threat actor knowing your name and email address or other personal information needed to impersonate you. Threat actors could create other accounts posing as you with your information and cause further problems if they contact clients or vendors of your business.
Threat actors use this avenue of attack because it makes initiating cyber fraud easier: it goes around security tools to enter corporate networks. Fortunately, there are things your organization can do to dramatically reduce these risks, such as implementing ongoing cyber security monitoring for malicious activity.
SpearTip’s security operations center has an investigative process that operates 24/7 to ensure we don’t skip a beat when it comes to cyber protection. Our engineers are aware of these developments and actively watch dark web sites to prevent potential compromise. When we find passwords or credentials on these websites, we immediately begin monitoring for their use within our environments so we can block threat actors from using them maliciously.