Breach Brief – Facebook, LinkedIn

Published On April 13, 2021 | By Tom Huskerson | News and Analysis

Once again Facebook is caught handling personal data like a child splashing in a kiddie pool. Now, according to Facebook, it was not a hack or data breach at all, just some aggressive hacker scraping data from its pages. I wanted to get their side of the story out there first. They have a right to explain how they see it, and we will get back to that.

So here's what we know happened. According to experts at cyber-intelligence firm Hudson Rock, the personal information of half a billion Facebook users has been leaked online. The data includes phone numbers, locations, birth dates, Facebook IDs, full names, and email addresses. The data was found on a website used by hackers.

Alon Gal, Chief Technology Officer at Hudson Rock, said the records appear to be a few years old and relate to users in 106 countries, of which 32 million reside in the United States.

Now for Facebook’s argument. Andy Stone, a Facebook spokesman, told CNN, “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.” To which Gal pointed out that the age of the data did not preclude it from being effectively exploited by cyber-criminals and identity thieves.

“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” said Gal on Twitter.

But there is slightly more to the story than that. Did Facebook really fix the issue in 2019? Not according to experts. Researchers are saying that Facebook has known of similar vulnerabilities that caused this data breach and just basically ignored the issue.

And that appears to be true according to Facebook. Mike Clark, Director of Product Management for Facebook, tried to tamp down the concern about the massive breach in a blog post published to the company’s newsroom. Most shocking was that the post and additional reporting from Wired reveal a previously unreported breach of Facebook’s systems.

Clark acknowledged a report from Business Insider relating to the data of some 530 million Facebook users, but pointed out that the information was scraped and not obtained through a hack. He adds that Facebook is “confident” that it rectified the issue.

“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019,” Clark writes. “This feature was designed to help people easily find their friends to connect with on our services using their contact lists.”

And that is Facebook’s story, and I am sure they will stick to it. Either way you look at it, your Facebook data is again out in the wild of the internet. Tidbits of information add up, and Facebook has plenty of tidbits, and they seem to splash them around like water in a kiddie pool.

You can check to see if your data was splashed out onto the internet by following these steps.

  • Go to haveibeenpwned.com and enter your email address to see if your email has been compromised.
  • If your email is shown to be part of the breach, you should change your password and enable two-factor authentication. The founder of haveibeenpwned.com is reportedly considering adding the leaked phone numbers to the database to help people determine whether their phone numbers have been leaked.

LinkedIn

Again we have a situation where personal information seems to have escaped its handlers. And again it may not have been a hack but a scrape.

According to security news and research group CyberNews, a trove of 500 million LinkedIn records was scraped from the site. The stolen LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data. Not overly sensitive information, but personal enough to cause concern. More on why in a minute.

CyberNews analysts found the information in an online forum for hackers and were able to determine that the data was associated with LinkedIn user accounts. How old the data is and how it was obtained are unanswered questions at this time.

In its defense, LinkedIn issued a statement saying that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies.” It could mean that hackers, or scrapers in this case, created the data set with information from multiple sources.

Microsoft, which owns LinkedIn, says the information was almost definitely scraped and not the work of hackers penetrating their networks.

Now let's get to why the data, while not overly sensitive, could still be a problem. The scraped LinkedIn data did not include any credit card information or Social Security numbers. But it does include data that helps bad actors perform other sophisticated hacking attempts. An example is hackers using data like email addresses and phone numbers to conduct more convincing phishing attacks in which they send people bogus emails that look real but contain links to malicious websites. A hacker is a resourceful, intelligent, annoying and disgusting creature that costs people, companies and governments billions every year. If you see one, call the cops or an exterminator.


About The Author

Tom Huskerson Bio

Born in Richmond, Virginia, Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College, where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicon Valley. As a research associate Tom supported senior analysts writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works, including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogged for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet.com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, news and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening.
Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.
