Channel Futures

Dumped Facebook Users’ Personal Information Ripe for Cyberattacks

  • Written by Edward Gately
  • April 5, 2021
The Facebook user data was released this weekend practically for free.

The cellphone numbers and other personal information of 533 million Facebook users from 106 countries have been posted online. Cybercriminals can use the information to launch attacks.

Alon Gal, CTO of cybersecurity firm Hudson Rock, tweeted about the data dump this weekend. The United States had 32.3 million affected users and the United Kingdom had 11.5 million.

All 533,000,000 Facebook records were just leaked for free.

This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.

I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8

— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021

The released data includes Facebook users’ mobile numbers, name, gender, location, relationship status, occupation, date of birth and email addresses.

According to Bleeping Computer, the data was originally sold in private sales after being collected in 2019 using a bug in the “Add Friend” feature on Facebook. Facebook closed this vulnerability soon after discovering it. But threat actors continued to circulate the data until it was practically free over the weekend, it said.

Unscrupulous Scammers Will Use All the Information They Can Get

Purandar Das is CEO and co-founder at Sotero.

“This makes you wonder as to how much of that information ends up in the legitimate marketing industry,” he said. “It only takes a few vendors to integrate this data into the broader data set the marketing industry uses. Mobile numbers and Facebook handles are typically in pretty high demand. Of course, the unscrupulous scammers will use every bit of information they can get in their scams.”

Setu Kulkarni is vice president of strategy at WhiteHat Security. He calls the data dump “the tsunami of the past.”

“While Facebook has fixed the issue, the damage of exfiltration of sensitive data occurred before the vulnerability was fixed,” he said. “Considering that millions of phone numbers are out in the open, along with enough personal data about the phone number owners, it is likely that there will be a spike in smishing. Now more than ever, it is important to seriously reconsider using phone numbers as logins or sharing phone numbers with apps. Switching phone numbers is inordinately more taxing than switching email IDs.”

Common Attack Pattern

Michael Isbitski is technical evangelist at Salt Security. He said content scraping is a common attack pattern. At the very least, the data is useful to attackers for phishing campaigns and social engineering, he said.

“Organizations must protect their APIs and monitor consumption continuously in order to catch such malicious activity as content scraping or authorization bypasses,” Isbitski said. “API security issues can also expose organizations to regulatory penalties, since many standards and legislation … explicitly define types of personal identifiable information (PII) that must be protected. This includes phone numbers and account identifiers as seen in the leaked Facebook data sets.”

Cybercriminals can combine even seemingly innocuous types of data to uniquely identify individuals and impact privacy, he said.

No Surprise

Ivan Righi is a cyber threat intelligence analyst at Digital Shadows. He said it’s not a surprise that this data leak has resurfaced. Few threat actors could buy the data when it initially carried a relatively steep price.

“The breach was probably resold multiple times since then until the price lowered enough that a user decided to publicly expose it to generate a small profit and increase reputation,” he said. “This activity frequently happens in criminal forums. While the data may be old, it still holds a lot of value to cybercriminals.”

It is likely most phone numbers are still active and remain linked to legitimate Facebook users, Righi said. Cybercriminals can use information such as phone numbers, emails and full names to launch targeted social engineering attacks. Those include phishing, vishing or spam.

Cybercriminals may find success with most people working from home, he said.

“For example, cybercriminals could send text messages impersonating companies or banks to users,” Righi said. “These messages could name the individual within the text to add credibility and include malicious links.”

Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.