The rise of social media data breaches
By Alex McConnell / 28th Apr 2021
Cybercriminals are always looking for the new weak link and social media is a point of vulnerability for many businesses. As it becomes more common for social media to be used for and by businesses, the opportunity for cybercriminals to use social media in their attacks grows.
Social media is an essential tool for networking, events, advertising, keeping up with trends and more. However, with the rise of remote working and personal smart devices, social media data breaches are fast becoming a risk of which companies need to be aware.
What is a data breach?
Data breaches are the result of a cyber-attack where criminals gain unauthorized access to a computer system or network and steal private, sensitive, or confidential personal and financial information.
Common cyber-attacks used in data breaches
- Denial of service
Leaked data almost certainly ends up on the dark web, which leads to cybercrime such as password cracking, credential stuffing and phishing.
Hackers can use social media data breaches to create detailed profiles of potential victims and conduct targeted phishing attacks. Cybercriminals could also use the information to spam emails and phone numbers, or brute-force the passwords of social media profiles and their associated email addresses.
If enough personally identifiable information (PII) is gathered in a data breach, this can lead to identity fraud and identity theft. These threats are increasingly becoming a concern online, mainly due to the rise in data breaches. Facebook estimates that anywhere from 50 million to 100 million of its monthly active user accounts are fake duplicates. As of late 2020, almost half of all consumers worldwide expect to be hit by a data breach.
How social media impacts businesses
Trust is a vital ingredient for social networks to operate successfully. They entice people to overshare confidential information, therefore providing cybercriminals with data that significantly assists them in breaching organizations.
Cybercriminals primarily target business accounts
These criminals may target a business’s employees and customers by impersonating the brand in an attempt to steal their credentials. The more visible and engaged a business is on social media, the greater the possibility that a cybercriminal will attempt to target those users.
Cybercriminals can also use social media to contact potential victims
They do that to build trust and persuade them to visit a phishing page. Companies can protect their employees with training against phishing and social engineering. Trained employees are less likely to fall for attacks than users with no training.
How social media is putting your data at risk
Millions of people spent significant time working from home during Covid-19, using personal devices. As a result, staff have become more vulnerable to malicious attacks from social media.
Scammers might first try to infiltrate your social network using mutual connections and acquaintances to develop a false sense of security.
This is an important reminder that we should remain vigilant when engaging with individuals we have not previously interacted with.
The consequences of engaging with these cybercriminals are damaging the careers of individuals and associated businesses.
The Centre for the Protection of National Infrastructure (CPNI) has launched a new campaign to help deter further criminal activity. The campaign asks government staff to focus on:
- Recognizing malicious profiles
- Realizing the potential threat
- Reporting suspicious profiles to a security manager
- Removing the profiles
LinkedIn data breach: Spies are using LinkedIn to steal secrets from UK nationals
LinkedIn is the world’s most used professional networking platform. Cybercriminals can disguise themselves as “headhunters” on the network, preying on people who are looking for jobs.
In April 2021, it was reported that attackers used fake social media profiles to engage specifically with people who have “access to classified or sensitive information.”
According to MI5, at least 10,000 UK nationals have been approached by fake profiles on LinkedIn over the past five years. The LinkedIn attacks are directed at staff in government departments and major businesses.
LinkedIn has since commented:
“Our teams utilize multiple automated techniques, coupled with human reviews and member reporting, to maintain LinkedIn as a safe and trusted platform.”
Once connected, the attackers try to influence the individuals by offering speaking or business opportunities, before attempting to gain confidential information. LinkedIn users are being advised to take precautionary measures to protect their accounts and data.
Stop your data from being breached
Businesses should always look for suspicious activity, while training employees to follow cybersecurity best practices when operating online, including:
- Using different passwords on every account
- Monitoring online transactions
- Using secure websites
To prevent social media data breaches, businesses need to ensure they protect user information and secure company data. Efficient training and technology, along with increasing employee awareness and regularly updating policies, can also help reduce the likelihood of a data breach.