Over the weekend, hackers successfully exposed the personal data of 533 million Facebook users. The primary concern is with the way this opens the door for cybercriminals, who could potentially use this information to scam them and gain access to their accounts.
Looking at the wider ramifications of the issue for Digital Journal is voice security expert and CEO of Pindrop, Vijay Balasubramaniyan.
Balasubramaniyan believes this further amplifies the role that technology needs to play in protecting consumer data.
Balasubramaniyan begins by setting the scene and the announcement of the data loss: “Back in January, a user of a low-level cybercriminal forum was discovered selling access to a database of phone numbers belonging to Facebook users, and conveniently letting customers look up those numbers by using an automated Telegram bot.”
What this means is, Balasubramaniyan explains: “The information tied to a piece of personal information like a phone number is exactly the information needed by fraudsters to begin to social engineer contact center agents and take over customer accounts.”
With the exposed data, Balasubramaniyan says the significance is: “The ease of access for this new bot means that even unsophisticated cybercriminals or hackers can obtain the information. It provides the ability for fraudsters to easily spoof a phone number and have pages of personal data at-the-ready to help fraudsters face any scrutiny from a call center agent about their identity.”
How can such a thing be prevented in the future and what can smaller companies learn from this issue? Here Balasubramaniyan recommends: “To negate the massive amount of data available for fraudsters to use social engineering to bypass controls, security professionals should push to leverage technology to help establish identity, instead of the mere possession of the correct answers. Simple ANI validation and matching can thwart low level or inexperienced cybercriminals looking to cash in on the free data.”
With ANI validation, this refers to automatic number identification. This is a feature of a telecommunications network for automatically determining the origination telephone number on toll calls for billing purposes.
