Consumer Reports is reporting that Facebook has built a massive surveillance network:

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data. The Markup helped Consumer Reports recruit participants for the study. Participants downloaded an archive of the previous three years of their data from their Facebook settings, then provided it to Consumer Reports.

This isn’t data about your use of Facebook. This is data about your interactions with other companies, all of which is correlated and analyzed by Facebook. It constantly amazes me that we willingly allow these monopoly companies that kind of surveillance power.

Here’s the Consumer Reports study. It includes policy recommendations:

Many consumers will rightly be concerned about the extent to which their activity is tracked by Facebook and other companies, and may want to take action to counteract consistent surveillance. Based on our analysis of the sample data, consumers need interventions that will:

  • Reduce the overall amount of tracking.
  • Improve the ability for consumers to take advantage of their right to opt out under state privacy laws.
  • Empower social media platform users and researchers to review who and what exactly is being advertised on Facebook.
  • Improve the transparency of Facebook’s existing tools.

And then the report gives specifics.

In today’s digital age, nearly one in ten individuals possesses a Facebook account, and a comparable user base is anticipated for Instagram, now under the ownership of Meta, the parent company of Facebook. However, the revelation that these platforms extensively gather user data raises concerns about privacy. A recent study by Surfshark sheds light on this data collection practice.

Interestingly, when compared to its competitors, Twitter, another prominent social media platform, is found to collect relatively less data. Nevertheless, Twitter also engages in data collection, albeit with the aim of enhancing user experience.

According to Surfshark’s report, companies owned by Mark Zuckerberg, namely Facebook and Instagram, stand out by collecting all 32 data points analyzed in the study. This includes personal information such as names, addresses, and phone numbers, which are utilized to track user activity. Additionally, data like geo-location and browsing content contribute to the creation of user profiles, enabling targeted advertising and services.

The question arises as to whether the collected data is shared with third parties or remains secured on the servers. Although many tech giants claim not to share data, there is an underlying reality where data sharing occurs for analytics and marketing purposes.

In general, social networking and messaging platforms collect various data points, such as email addresses used during sign-up and metadata indicating the creation time of photos or data files. Notably, platforms, excluding Telegram, do not collect specific personal information like political and religious beliefs or health-related data.

Address books, call logs, and SMS history are also collected if users opt to upload, sync, or import such data during sign-up. Financial transaction details conducted through the company’s products, like credit or debit card information and CVVs, are collected and safeguarded. Even Twitter engages in this practice, particularly for premium users.

The question then arises: is it prudent to share such critical details?

While companies argue that storing such data streamlines future transactions and allows for targeted advertising, oversharing can lead to issues like information leaks and identity theft, especially in the event of a cyber-attack on the collecting business.

The post Facebook and Instagram collect immense data from users appeared first on Cybersecurity Insiders.

Hacking fears are raised at Western Europe's most hazardous building, why porn sites might soon be scanning your face, and our guest narrowly avoids a Facebook Marketplace scammer. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Don’t minimise your Teams Meeting video call too hastily, you might reveal your dirty secrets! Would you be prepared to pay for Facebook and Instagram? And who is being faked to promote cryptocurrency scams? All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by technology journalist Jane Wakefield. Plus – don’t miss our featured interview with Push Security founder and CEO Adam Bateman.

Facebook, the world’s leading social networking platform, has recently made headlines for all the wrong reasons. The company led by Mark Zuckerberg has found itself in the news due to a troubling trend: it has become a target for cyber criminals hailing from Vietnam, who are using stolen account credentials for purposes that include selling them on the black market and identity theft, leaving victims with financial loss and emotional distress.

While Facebook’s customer support teams are tirelessly working to address these issues, the situation is far from ideal.

So, how are these cyber criminals managing to siphon off account credentials from Facebook, often referred to as FB?

The cyber crooks from Vietnam are employing tactics that involve exploiting weak passwords and pilfering cookies from web browsers.

Cookies, in this context, are small pieces of information that websites store on a user’s browser. This allows websites to remember a user’s purpose for visiting, as well as their login details. Consequently, the user doesn’t need to repeatedly enter their password to access a service. A single password input grants access to various services provided by a single company within the same browser session. For browsers like Firefox, these cookies remain active until the user closes the browser, after which the data stored in the cookies disappears.

Hackers are employing techniques to steal data from these cookies without requiring the user to enter a password or verification code.

Interestingly, the dark web is rife with sites offering information from over 1,000 cookies for a mere $69. In the case of Facebook emails, a collection of 100 account details can be obtained for $30.

These stolen credentials empower hackers to perpetrate scams, frauds, or resell datasets with active information. It’s important to note that threat actors can use stolen Facebook login credentials to access personal information from emails, manipulate payment methods, or pilfer photos and videos stored on Facebook accounts.

In this precarious digital landscape, implementing robust security measures is crucial. This includes employing threat detection solutions, using strong passwords that consist of a combination of alphanumeric characters and a few special characters, and ensuring they are at least 14 characters in length. Enabling multi-factor authentication further enhances account security, making it significantly more challenging for hackers to gain unauthorized access.

Additionally, exercising caution when it comes to clicking on links sent by unknown sources via emails, WhatsApp, or SMS is advisable in order to navigate these cyber threats more safely.

The post Vietnam hackers start stealing Facebook Credentials appeared first on Cybersecurity Insiders.

“Ukraine Cyber Alliance Takes Down Trigona Ransomware Gang, Wipes Their Data Clean”

In recent times, we’ve witnessed numerous headlines about ransomware groups wreaking havoc on corporate networks. However, this time, the ‘Ukraine Cyber Alliance,’ a group of activists, managed to infiltrate the Trigona Ransomware gang’s database and completely obliterate their operations. Notably, they absconded with sensitive information, including source code, decryption keys, and some cryptocurrency earnings acquired by the gang during the month of September this year.

A technical analysis released to the media indicates that the activists exploited a known vulnerability, CVE-2023-22515, to breach the gang’s Confluence database and gain access to this critical information. As our analysis team continues to investigate, we will provide updates as soon as further details are confirmed.

“Data Deletion Hack Targets Facebook Users”

For the first time in the history of hacking, a hacker or hacking group successfully took control of a Facebook account belonging to a photographer. They systematically deleted images and customer orders that had been stored on the account for the past seven years. The account holder, Doug Bazley from Queensland, expressed deep disappointment at the data wipe and reported the incident to Meta’s subsidiary, which subsequently launched an inquiry into the matter.

The hack appears to have occurred after Doug clicked on a phishing link that arrived in his inbox, cleverly disguised as a Meta company communication. The perpetrator(s) assumed control of the web page, altering the profile photo, changing the account holder’s name, and systematically erasing all the data that had been stored for years. Doug also voiced his dissatisfaction with the security measures Facebook imposes on user accounts. As the issue remains under investigation, it may take some time for all the facts to be revealed. Notably, deleted data often remains stored in the archival database of the social media giant for a certain period.

“Criminal Gang RansomedVC Compromises District of Columbia Board of Elections”

The District of Columbia Board of Elections (DCBOE) fell victim to a criminal gang known as RansomedVC, infamous for data extortion and their hefty demands for decryption keys. The attack followed an unconventional path, with the criminals initially targeting the hosting provider DataNet before gaining control of the online platform housing Washington DC Election Authority data.

To substantiate their claims, the gang leaked approximately 60,000 lines of voter information belonging to Washington DC voters and listed the data for sale on the dark web. The exposed information includes Social Security Numbers, driver’s license details, dates of birth, phone numbers, and email addresses. Law enforcement agencies such as the FBI and DHS have taken note of the data breach and are actively investigating these claims.

It is noteworthy that this same criminal gang, RansomedVC, was previously involved in the server hack of Sony and was confirmed to have stolen over 260GB of files in that incident.

The post Interesting cyber attack headlines trending on Google for this day appeared first on Cybersecurity Insiders.