Hackers Advertise Stolen Personal Data On Facebook

Uploaded on 2018-04-26 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Criminals are using hundreds of groups on Facebook to advertise stolen credit card details, cyber-attacks and logins for hacked Amazon and Netflix accounts.

Brian Krebs, a security researcher, identified nearly 120 groups apparently dedicated to fraud, hacking and money laundering, activities normally associated with the “dark web”. The groups had more than 300,000 members and had been on Facebook for an average of two years, although some had been active for nine years.

Most of the groups advertised their intent by using terms associated with criminal activity in their names, such as “carding” (credit card fraud), “tax refund fraud”, “account takeovers” and DDoS (distributed denial of service attack), a form of cyber-attack.

Facebook has previously been criticised for hosting terrorist content and forums for paedophiles. Critics say that the company should use the same artificial intelligence tools it uses to screen for child abusers to identify other posts that promote illegal acts.

The biggest category of groups identified by Mr Krebs promoted the sale of stolen credit and debit card details.

The next largest offered automated methods for accessing user accounts of services such as Amazon, Netflix and PayPal using logins for other websites obtained from previous data breaches.

Facebook took down the groups after they were reported by Mr Krebs as a security researcher. When he previously reported them anonymously, however, the company said that they did not break its rules.
 
A member of one group advertised fraudulent websites for HMRC and UK banks that scammers could use to steal account details.

The groups identified by Mr Krebs were private groups, meaning members must be approved by moderators. However, some groups advertising the same services are public.

Yvette Cooper, chairwoman of the UK Parliamentary Home Affairs select committee, said: “This is yet more troubling evidence that social media companies like Facebook are not doing nearly enough to deal with illegal activity on their platforms.” She said that the committee would look at the issue as part of its inquiry into online crime and safety.

Facebook’s community standards prohibit the promotion or sale of illegal goods or services. The company said that once violations were reported its teams would review and remove the offending groups or posts. A spokesman added: “As technology improves, we will continue to look carefully at other ways to use automation.”

The Times

You Might Also Read:

Eight Reasons Why Facebook Has Peaked:

Millions Of Compromised Accounts Discovered On The Dark Web:

 

« DNA Data Storage Moves Closer To Becoming Reality
Cambridge Analytica Planned To Issue Digital Currency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Panzura

Panzura

Panzura optimizes enterprise data storage management and distribution in the cloud, making cloud storage simple and secure.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

Perception Point

Perception Point

Perception Point is a Prevention-as-a-Service company, built to enable digital transformation. Our platform offers 360-degree protection against any type of content-based attack.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Proteus

Proteus

Proteus is an Information Security consulting firm specialized in Risk Analysis and Executive Control.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Flix11

Flix11

Flix11 is a Cyber Security & ICT Solutions focused company. We provide a range of products and services in Cyber Security, Internet of Things (IoT) and infrastructure solutions.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.