Lessons we can take from Facebook & LinkedIn leaks

It seems to be like social media is not a very safe place for your information for many reasons. People often do not think about what exactly they are sharing online. They might have people in their lives that would like to harm them for some reason, so they might attempt to take their accounts over. However, those who want to gain access to as much potentially sensitive information as they can, in hopes they can use it to achieve something or resell it further. In this article, we will talk about Facebook & LinkedIn leaks.

It seems that every social media network, no matter how hard people behind it try to protect its users and their information, sometimes falls victim to a successful cyberattack. However, they often try to claim that it was not hacking but instead a leaking or scraping. While one might think there is a difference between the terms (and technically, there is in theory, and we will explain it in a moment), the results are the same. Sensitive data is in the hands of someone who can misuse it.

Hacking means that someone has actively and on purpose attacked the private data of another person, organization, and more. Leaking, however, means any sort of unauthorized data from inside of the organization possessing it to an external recipient. It can happen accidentally, most commonly due to a human error. Scraping, which is quite often legal (it is what one does with the collected data that presents a legal issue), is a term that describes extracting data from websites. The information is usually public and, therefore, not sensitive.

However, it is still considered that it is not allowed to repurpose public data without their permission, as it is still regarded as personal. To summarise, hacking and scraping happen outside and on purpose, while leaking happens on accident and inside an organization.

As mentioned already, companies that have the data of the users compromised in some way often claim that there was no hacking but leaking or scraping. That is why users are constantly not informed about the security issues regarding their data, which leaves them in the dark regarding the situation and can potentially cause them problems in the future.

As also mentioned already, the result is absolutely the same whatever word is used to describe the event in which someone has obtained other people’s or organizations’ private data. Even if the data is not as sensitive as credit card details or the people living in the United States, social security numbers can still be used for phishing attempts and similar malicious attacks. There is already proof of that happening even without any classical hack.

First, it happened with Facebook

An example of that is a recent situation in which usernames, phone numbers, emails, and similar info of hundreds of millions of people have appeared on the hacking websites, fresh for picking. First, it happened with Facebook, our favorite website to connect with family and friends and share the details of our lives (or at least that’s what it used to be, its usage evolved into something… not quite definable). The data was collected from users from all over the world using scraping.

Very soon, LinkedIn, which could be described as the social media network of severe people, had a similar situation, in which the seller asked for quite a large sum of money to sell the data they obtained from, again, hundreds of millions of LinkedIn users. Of course, there was no hack, it was just scraping, but if a ‘hacker’ (is ‘scraper’ a term yet?) wants lots of money for the data they possess, it just shows how scraping is not as harmless as it might seem. 

Clubhouse, a trendy new app with quite an interesting concept (audio-only, and you join groups to talk to other people or listen to them), similarly suffered from a scraping issue. Still, they said that all the data extracted is public anyways. However, it turned out that the situation is not quite that simple. The way the app is built means that anyone in the app or via an API can see all the details of the public users’ information, which can cause a severe security issue.

You can read previous article about What is NFT and how does it work?

Learn more on how you can keep yourself safe online at watchdog.dev

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top