Tokenization and encryption protect data, but Facebook didn’t protect its data and gave hackers the Facebook user ID, phone number, and name of 267 million users. This is a fraudster’s dream. When our data is delivered to criminals, eCommerce crime and hacking are likely to grow substantially.
Criminals will mix the data lost by Facebook with other data to create synthetic identities, which are used to open fake merchant, credit, and bank accounts. The data released by Facebook is insufficient to cause much financial loss by itself, but when mixed with other personally identifiable information and fabricated data, it can enable criminals to open accounts and spend money, which will often ultimately come as a nasty surprise to an unwitting consumer.
But that’s just the direct way to use the lost data. That data can also be used for social engineering, to create compelling emails with Trojans attached that can hijack your computer or harvest your bank credentials. A post on Digital Trends covers the topic further:
“More than 267 million Facebook users’ IDs, phone numbers, and names were exposed to an online database that could potentially be used for spam and phishing campaigns.
Security researcher Bob Diachenko uncovered the database, according to Comparitech. The database was first indexed on December 4, but as of today, December 19, it is unavailable. Comparitech reports that before the site was taken down, the database was found on a hacker forum as a downloadable file.
Most of the Facebook users that were affected by this leak are located in the U.S., and the data included people’s Facebook IDs, phone numbers, and their full names.
Diachenko told Comparitech that the leaked data was most likely a result of illegal scraping or a hole in Facebook’s API. Scraping is against Facebook’s policies but can be easily done, especially if users have public profile settings.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group