Hackers Advertise Stolen Personal Data On Facebook

Uploaded on 2018-04-26 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Criminals are using hundreds of groups on Facebook to advertise stolen credit card details, cyber-attacks and logins for hacked Amazon and Netflix accounts.

Brian Krebs, a security researcher, identified nearly 120 groups apparently dedicated to fraud, hacking and money laundering, activities normally associated with the “dark web”. The groups had more than 300,000 members and had been on Facebook for an average of two years, although some had been active for nine years.

Most of the groups advertised their intent by using terms associated with criminal activity in their names, such as “carding” (credit card fraud), “tax refund fraud”, “account takeovers” and DDoS (distributed denial of service attack), a form of cyber-attack.

Facebook has previously been criticised for hosting terrorist content and forums for paedophiles. Critics say that the company should use the same artificial intelligence tools it uses to screen for child abusers to identify other posts that promote illegal acts.

The biggest category of groups identified by Mr Krebs promoted the sale of stolen credit and debit card details.

The next largest offered automated methods for accessing user accounts of services such as Amazon, Netflix and PayPal using logins for other websites obtained from previous data breaches.

Facebook took down the groups after they were reported by Mr Krebs as a security researcher. When he previously reported them anonymously, however, the company said that they did not break its rules.
 
A member of one group advertised fraudulent websites for HMRC and UK banks that scammers could use to steal account details.

The groups identified by Mr Krebs were private groups, meaning members must be approved by moderators. However, some groups advertising the same services are public.

Yvette Cooper, chairwoman of the UK Parliamentary Home Affairs select committee, said: “This is yet more troubling evidence that social media companies like Facebook are not doing nearly enough to deal with illegal activity on their platforms.” She said that the committee would look at the issue as part of its inquiry into online crime and safety.

Facebook’s community standards prohibit the promotion or sale of illegal goods or services. The company said that once violations were reported its teams would review and remove the offending groups or posts. A spokesman added: “As technology improves, we will continue to look carefully at other ways to use automation.”

The Times

You Might Also Read:

Eight Reasons Why Facebook Has Peaked:

Millions Of Compromised Accounts Discovered On The Dark Web:

 

« DNA Data Storage Moves Closer To Becoming Reality
Cambridge Analytica Planned To Issue Digital Currency »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.