The information that is currently within the social profiles of millions of people is invaluable. That is why many criminals have found in this data a new way to generate illicit income with which scams to users of large firms such as Facebook are becoming more frequent.
Now it has been revealed that thousands of users of Mark Zuckerberg’s social network have been part of a scam that compromised both their concentraseis and other sensitive information such as telephones and email accounts.
The report comes from the hand of ESET, which issued a press release in which it warned of this new security flaw.
“ESET warns that an improperly configured Elasticsearch database operated by cybercriminals exposed user names and passwords,” the document reads.
The company claims that criminals entered users’ Facebook accounts using a tool that allegedly revealed to victims who had viewed their profile. However, the ultimate goal was to take the login credentials of the users.
Although the report does not indicate how the affected people came to these fake sites, which does bet that they found 2i domains that formed a network designed to steal the aforementioned information.
These sites were characterized with messages such as: “Your profile received 32 visits in the last two days. Continue to see the list ”.
Once the victim clicked on the “Open the list” button, they were directed to a fake Facebook login page, where a name or access email as well as a password were requested.
With this the scam was done. Once the information was entered, the credentials were stored in a database controlled by the criminals.
Additionally, comments on victims’ accounts contained links to both disreputable and verified sites, which was a move to avoid detection.
According to ESET, the “mix of sites was a strategy to evade detection mechanisms and avoid being blocked”.
The sites invited users to sign up for a free Bitcoin trading account and deposit 250 euros (almost $ 300) to get started. In case of making the deposit, the money would end up in the hands of cybercriminals.
In a timely manner, the report indicates that, among the stored data, ESET identified the following:
Usernames and passwords for 150,000 to 200,000 Facebook accounts, plus IP addresses. Personally identifiable information about victims, such as email addresses, names, or phone numbers. Texts used by scammers when posting comments on compromised accounts to direct victims to malicious sites.
This type of problem has become an evil that has accompanied the largest social network in the world since it was born, a situation that has put its reputation in check on more than one occasion.
What is at stake is the security it offers to the millions of users who use its service, who seem to have few security guarantees.
Of course, Facebook is not the only platform that is besieged by these malicious agents, nor are its users the eternal victims of information theft. As early as 2018, a fairly broad and global identity traffic scheme was revealed on various market-leading platforms. Among the companies that were allegedly involved in these schemes, in addition to the Zuckerberg platform, were both YouTube and Twitter.
Social networks have worked to minimize this problem that undoubtedly affects the biggest offer they make to their advertisers: trust.
Already since the middle of last year, according to the Financial Times, Mark Zuckerberg had launched a tool to find and stop fraud schemes on the social network. And as Social Media Today points out, in March of this year it launched a legal action against several malicious agents behind these challenges.