Cybersecurity experts provide insight below on the latest Facebook data breach, in which the phone numbers of 533 million Facebook users were leaked to an online forum, as originally tweeted by Alon Gal, CTO of security firm Hudson Rock.
<p>As the price of personal data climbs, breaches of any size – let alone half a billion users – should no longer be tolerated. Organisations have full responsibility for the data stolen; even seemingly low-stakes data can be used to exploit customers.</p> <p>Organisations must not forget that all personal data in their care is equally valuable. If you collect it, protect it. It is imperative to ensure that appropriate security controls are implemented to keep all data safe from inappropriate or unauthorised access.</p> <p>Additionally, while it’s possible to have security without privacy, it’s impossible to have privacy without security. Privacy is about the ethical and responsible handling of personal data. This is why security is an integral part of ensuring that transparency of privacy practices can be achieved.</p>
<p style="font-weight: 400;">The online leak of personal information will undoubtedly result in a marked increase in smishing attacks. It’s a trend we’ve seen continue to grow, especially during the pandemic, with smishing messages already increasing by 300% each quarter over the past 12 months. And while the attackers are primarily targeting consumers, we have noticed a concerning rise in attacks on organisations as well, with over 81% reporting an attack in 2020.</p> <p style="font-weight: 400;">These text message mobile scams often use fraudulent branding combined with urgency and a request that a user clicks a malicious link. Consumers trust mobile messaging, and they are much more likely to read and access links contained in text than those in email. This level of trust paired with the reach of mobile devices makes the mobile channel ripe for fraud and identity theft. To combat these attacks, we recommend that users first ensure they are on the Do Not Call Registry and re-confirm their entry even if they believe that they previously signed up, as the registry also applies to text messages. In addition, we encourage mobile users to use the spam reporting feature in their messaging client if it has one.</p> <p style="font-weight: 400;">Consumers need to be very sceptical of mobile messages that come from unknown sources. And it’s important to never click on links in text messages, no matter how realistic they look. If you want to contact the purported vendor sending you a link, do so directly through their website and always manually enter the web address/URL. For offer codes, type them directly into the site as well. It’s also vital that you don’t respond to strange texts or texts from unknown sources. Doing so will often confirm you’re a real person to future scammers.</p>
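The comment above describes the ingredients of a smishing text: borrowed branding, urgency, and a request to click a link that does not actually belong to the brand. The following is an added example, written for this page and not code from the commenter or their company, that turns those ingredients into a simple scoring heuristic. The brand-to-domain allow-list, the keyword lists, the threshold and the three sample messages are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: which hostnames each brand actually links to.
# A real deployment would load a maintained list; these three are assumptions.
BRAND_DOMAINS = {
    "royal mail": {"royalmail.com"},
    "hmrc": {"gov.uk"},
    "facebook": {"facebook.com", "fb.com"},
}

# Phrases that create time pressure or ask the reader to act (assumed lists).
URGENCY_TERMS = ("immediately", "within 24 hours", "suspended", "final notice", "act now", "urgent")
ACTION_TERMS = ("click", "confirm", "verify", "update your", "reschedule", "claim")

# Matches explicit http(s) URLs or bare domain-like tokens such as example.com/path.
URL_RE = re.compile(r"\bhttps?://[^\s<>\"]+|\b[a-z0-9.-]+\.[a-z]{2,}(?:/[^\s]*)?", re.I)


def host_of(url: str) -> str:
    """Hostname of a URL; bare domains get a scheme so urlparse treats them as a netloc."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def host_belongs_to(host: str, domains: set) -> bool:
    """True when host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def score_message(text: str) -> dict:
    """Score one SMS body; returns the score, the reasons that fired and a verdict."""
    lowered = text.lower()
    reasons, score = [], 0
    urls = URL_RE.findall(text)
    if urls:
        score += 1
        reasons.append("contains link")
    if any(t in lowered for t in URGENCY_TERMS):
        score += 1
        reasons.append("urgency language")
    if any(t in lowered for t in ACTION_TERMS):
        score += 1
        reasons.append("asks for an action")
    # The strongest signal: the message names a brand but links somewhere else.
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in lowered:
            continue
        for url in urls:
            host = host_of(url)
            if not host_belongs_to(host, domains):
                score += 3
                reasons.append(f"claims to be {brand} but links to {host}")
    return {"score": score, "reasons": reasons, "suspicious": score >= 3}


# Constructed sample messages (not real scam texts).
SAMPLES = [
    "Royal Mail: your parcel is waiting. Confirm delivery fee within 24 hours at https://royalmail-redelivery.com/track",
    "Facebook: your login code is 123456. Do not share it with anyone.",
    "Your parking session ends in 10 minutes. Extend it at https://app.parking-example.com/extend",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(score_message(s))
```

The brand/domain mismatch is weighted highest on purpose: urgency wording and links appear in plenty of legitimate notifications, but a message that invokes a brand and then links to an unrelated host is the pattern the comment warns about. Lookalike hosts such as a brand name with extra words are caught because the check requires the hostname to be the brand's domain or a subdomain of it, not merely to contain the brand string.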
<p>It would not be surprising if attackers were seen using the information obtained from the breach in targeted phishing attacks, whereby attackers send malicious emails that appear to come from a trusted sender, for example, from the email address of your Facebook friend. Attackers could also use the information to impersonate the person whose data was breached. In order to stay safe from scammers who may be exploiting this data, take extra precautions when you receive emails that seem strange—even if they appear to come from someone you trust. Never click on any links or attachments inside emails and always check for strange grammar/spelling errors (a sign that the email is not from the person it claims to be). To protect your personal information online, the best thing you can do is limit the types of information you share on social media platforms. Kaspersky’s free Privacy Checker tool can help you configure your social media accounts’ privacy settings to provide the appropriate level of security.</p>
<p><span lang="EN-US">With millions of UK accounts caught up in this breach, it would be a good idea to check your email address by heading to Have I Been Pwned to check this and other breaches for compromises. Unique passwords are vital and corporate mistakes such as this prove how easily personal data can be stolen and used against their victims. Identity theft can be very simple with small amounts of stolen personal data, so victims must be vigilant of follow-up phishing emails. Furthermore, two-factor authentication is an important extra layer of protection for all accounts and helps keep threat actors from gaining entry to vulnerable or exposed accounts.</span></p>
<p>What is easy to miss when we see a breach of this magnitude of a global corporation is that the hackers are NOT targeting the large brand names like Facebook. There is no question that Advanced Persistent Threat (APT) hacks are devised and targeted at the "brass ring" enterprises like Facebook – but we have to remember that the hackers are running scans across all of our systems.</p> <p>To this end, we all have to be diligent that we are monitoring our system and implementing best practices. As the Cyber Kill Chain details, hackers will be executing reconnaissance on our systems and enumerating our assets. Once this occurs, the hacker will then penetrate our systems and attempt lateral movement and privilege escalation. It is in these steps where a comprehensive and updated identity governance practice can spot an attacker who is attempting to change account privileges to enable the compromised accounts to move around the enterprise, find crucial PII/PHI data, and then exfiltrate it.</p> <p>Products and practices that can identify and then alert the enterprise about account breaches are crucial to meeting not only compliance, but to achieving enterprise security.</p>
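The comment above names the point in the kill chain where identity governance has a chance: a compromised account changing its own privileges and then moving between systems. The following is an added example, written for this page and not code from the commenter or any product, that runs three such rules over a small constructed log. The event format, the set of privileged groups, the 15-minute window, the three-host threshold and the log lines themselves are all assumptions made for illustration; real sources would be directory audit logs or SIEM events normalised into a similar shape.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed set of groups whose membership changes warrant scrutiny.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Backup Operators"}

# Constructed log: one service account grants itself Domain Admins and then
# fans out across hosts; one legitimate change is made by an IAM admin under a ticket.
EVENTS = [
    {"ts": "2021-04-05T09:00:00", "type": "logon", "user": "svc_backup", "host": "WS-17"},
    {"ts": "2021-04-05T09:02:10", "type": "group_change", "action": "add",
     "actor": "svc_backup", "target": "svc_backup", "group": "Domain Admins"},
    {"ts": "2021-04-05T09:05:00", "type": "logon", "user": "svc_backup", "host": "FS-01"},
    {"ts": "2021-04-05T09:06:30", "type": "logon", "user": "svc_backup", "host": "DB-02"},
    {"ts": "2021-04-05T09:07:00", "type": "logon", "user": "svc_backup", "host": "HR-DB"},
    {"ts": "2021-04-05T10:00:00", "type": "group_change", "action": "add",
     "actor": "iam_admin", "target": "jdoe", "group": "Domain Admins", "ticket": "CHG-1234"},
    {"ts": "2021-04-05T10:01:00", "type": "logon", "user": "jdoe", "host": "ADM-01"},
]


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def detect(events, privileged_groups=PRIVILEGED_GROUPS,
           window=timedelta(minutes=15), host_threshold=3):
    """Return alerts for self-granted privilege, untracked privilege grants, and
    a privileged account reaching many hosts right after the grant."""
    events = sorted(events, key=lambda e: e["ts"])
    alerts, grants = [], []

    # Rule 1 and 2: examine every addition to a privileged group.
    for e in events:
        if e["type"] != "group_change" or e["action"] != "add":
            continue
        if e["group"] not in privileged_groups:
            continue
        grants.append((parse_ts(e["ts"]), e["target"]))
        if e["actor"] == e["target"]:
            alerts.append({"rule": "self_privilege_grant", "severity": "high",
                           "user": e["target"], "ts": e["ts"]})
        if not e.get("ticket"):  # no change record behind the grant
            alerts.append({"rule": "untracked_privilege_grant", "severity": "medium",
                           "user": e["target"], "ts": e["ts"]})

    # Rule 3: after a grant, count distinct hosts the target logs on to within the window.
    logons = defaultdict(list)
    for e in events:
        if e["type"] == "logon":
            logons[e["user"]].append((parse_ts(e["ts"]), e["host"]))
    for granted_at, user in grants:
        hosts = {h for t, h in logons[user] if granted_at <= t <= granted_at + window}
        if len(hosts) >= host_threshold:
            alerts.append({"rule": "post_grant_lateral_movement", "severity": "high",
                           "user": user, "hosts": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a)
```

On the constructed log the service account trips all three rules while the ticketed change for jdoe produces nothing, which is the distinction the comment is after: the governance process knows which privilege changes were meant to happen, so the ones it did not authorise stand out. The window and host threshold are tuning knobs; in practice they are set from how quickly legitimate administrators normally touch multiple systems after a role change.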
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts’ comments, analysis and opinion on the latest Information Security news and topics