
Why has a data leak of 1 billion social media profiles occurred? (Includes interview)

In October 2019, dark web researcher Vinny Troia discovered a data “treasure trove” exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all. It consists of scraped information from social media sources like Facebook and LinkedIn.

The data included social media accounts plus 50 million phone numbers and 622 million emails. The expert who found the hoard is not sure who hosted the server or if anyone has accessed it; however, the find signals weaknesses with many social media accounts and the providers of content.

To look at the find in more detail, Robert Prigge, President of Jumio, tells Digital Journal why the size of this data issue matters: “If you find the term ‘mega-breach’ concerning, it’s with good reason. The scale of this breach is massive, with 1.2 billion Facebook, LinkedIn and Twitter profiles exposed, as well as 662 unique email addresses and 50 million phone numbers.”

Social media — a constant companion.

© FT

He also notes that the way the information was collected and stored was unusual: “It’s interesting that this breach leaked data that is for legitimate sale on the internet via data-selling companies. We can say with absolute certainty that this compromised data will also find a home on the dark web, where it will be bought and sold for profit and combined with other available information to create a ‘fullz’, giving fraudsters everything they need to commit automated account takeover fraud.”

Prigge notes that this type of data breach remains an ever-present concern: “We live in an era where information from disconnected data breaches, as well as legitimate data-selling companies, are often combined to create comprehensive identity profiles on the dark web, incorporating everything from personal identifiable information, to job history, to shopping preferences, to dating profiles, and more. The deep level of intel available is frightening, and it’s making it extremely easy for criminals to commit digital identity fraud via a number of different ways.”

He sees Facebook as particularly vulnerable: “This breach alone exposed Facebook profiles, as well as email addresses, and all fraudsters need to do is look for a consumer’s exposed passwords in a disconnected breach and they will have a good chance at gaining access to their Facebook account, and subsequent connected accounts, since 50 percent of Americans recycle passwords across multiple websites.”

This means, according to Prigge, people need to take a new approach to security: “This is why traditional authentication methods, like passwords and 2FA, or authentication methods that can easily be guessed, like KBA, need to be eliminated. It is critical that organizations adopt biometric-based authentication to ensure a user is who they say they are when operating online.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
