Major data collector sites not hacked, but ‘scraped’

In the absence of strong regulatory body action, users have no choice but to be very careful. File photo.

In the absence of strong regulatory body action, users have no choice but to be very careful. File photo.

Published Apr 18, 2021

Share

FACEBOOK, LinkedIn and Clubhouse have one thing in common this month, they were all reportedly hacked, yet they are denying it.

They are, however, admitting that data of their users has been ‘scraped’ and made available for sale on hacker forums. What that means is that user data from these platforms is now available for hackers to monetise and, in some cases, craft whatever plans they have – which may include criminal behaviour.

Whatever Facebook, LinkedIn and Clubhouse claim about this development, the bottom line is that user data is now exposed.

Here’s what happened at the two big tech companies:

- The personal data of 533 million Facebook users in more than 106 countries, including South Africa, was found to be freely available online recently. The data trove, uncovered by security researcher Alon Gal, includes phone numbers, email addresses, home towns, full names and birth dates.

- Initially, Facebook claimed that the data leak was previously reported in 2019, and that it had patched the vulnerability that caused it that August. But, in fact, it appears that Facebook did not properly disclose the breach at the time.

The company finally acknowledged it on Tuesday, April 6, in a blog post by product management director Mike Clark.

LinkedIn also recently confirmed that a trove for sale on hacker forums includes “publicly viewable member profile data that appears to have been ‘scraped’ from LinkedIn”, in addition to other sources around the web.

LinkedIn wasn’t hacked (this time), but was victimised by attackers who figured out how to collect publicly available user info on a massive scale.

The truth of the matter is that personal data being aggregated in that way still benefits hackers and phishers, especially, who can use it to build profiles of users for better targeting.

The behaviour of tech companies shows that they are not concerned with recent developments. This leaves regulators with a responsibility to act.

In Ireland, they are acting. In South Africa, however, there’s less action.

Instead, the regulator keeps writing to Facebook in the SA office and keeps hoping for a dignified reply.

In the absence of strong regulatory body action, users have no choice but to be very careful about the amount of information they share about themselves on social platforms.

Wesley Diphoko is the editor of BizTech

BUSINESS REPORT ONLINE

Related Topics:

cyber crime