Data leaks in social networks

The main articles are:

• High-profile leaks
• Social media

2023: Internal documents and Reddit source code stolen

A Reddit employee fell for a phishing campaign, which led to the compromise of documents, as well as personal data of employees and partners. This became known on February 10, 2023. Read more here.

2021

More than 60% of Russians send screenshots with working correspondence in instant messengers to friends or upload them to social networks

On July 13, 2021, AlfaStrakhovanie said that only a third of Russians refrain from discussing work on social networks and with friends - the rest do not see anything dangerous in quoting working correspondence in instant messengers, posting a screenshot or discussing working news with acquaintances. More than 3 thousand respondents from all regions of the country took part in the survey.

In total, more than two-thirds of employees of Russian companies openly discuss working issues with third parties, and 19% of them admitted that they can calmly describe the nuances of their activities on social networks. 29% "for the sake of a joke" can share funny screenshots or quotes from correspondence with friends, and 24% share only common moments that do not affect the activities of the enterprise.

Answering the question of what corporate method of communication is adopted in their company, most of the respondents said that for these purposes they simply use one of the standard messengers (43%) or communication is not regulated in any way (23%). 21% of enterprises prohibit the use of fast messaging services on work devices, and in 13% of cases, internal corporate chat is used on the work portal.

39% of respondents said that the company installs all software only through special technical services, purchases licensed versions of programs, 28% work remotely and can install any programs for themselves, 19% admitted that there is no control from the management, and 14% were not sure about the degree of security and do not know exactly what is being done for this in their organization.

It is curious that more than half (62%) of the survey participants admitted that it is extremely rare to update software on a home computer, since they do not consider themselves competent enough in this area. 26% and 12%, respectively, said they follow system prompts or monitor security consciously, updating programs in a timely manner and purchasing licensed versions.

The survey found that one in two workers (52%) take occasional work from home, coming up with "workarounds" as downloading documents from work devices is not allowed. 38% noted that it is not accepted to work from home in their organization, and the rest (10%) can safely take their work home, and, not hiding from their superiors, use the necessary internal information.

Information security has recently become an increasingly urgent problem: even large enterprises have been unprepared to protect their data and intellectual property in the transition to remote employment. First of all, this, of course, is a matter of corporate culture - it is necessary to explain to employees that involuntary disclosure of confidential information can lead to serious losses in the company. It is important for managers to think about introducing security systems that will help prevent large losses, "says Alisa Bezlyudova, director of the marketing department of Medicine of the AlfaStrakhovanie group of companies.

The network sells phone numbers of half a billion Facebook users

On January 27, 2020, information appeared that networks phones half a billion users were selling numbers. Facebook Vice writes about this with reference to Alon Gala, one of the founders of Hudson Rock, a company specializing in. computer security So, according to the portal, the cell numbers of 533 million users from,, social networks , and USA Canada Great Britain another 15 Australia countries of the world are sold in the community engaged in. cybercrimes More. here

2020:267 million Facebook accounts sold on the dark web for $540

On April 20, 2020, Cyble analysts reported the discovery of 267 million Facebook accounts on the darknet. They purchased them from hackers for $540, that is, 0.0002 cents per account. The data contained a unique Facebook identification number, phone number, full name and timestamp and mainly concerned users in the US. Read more here.

2019

Data 267 000 000 Facebook users found in the public domain

On December 25, 2019, information security expert Bob Diachenko and Comparitech specialists reported the discovery of an unprotected Elasticsearch database containing data 267 140 436 Facebook users. Read more here

Data more than 1 billion users of social networks were in the public domain

On November 24, 2019, it became known that American security researcher Vinny Troia discovered an accessible one database containing more than 4 TB - information a total of 1.2 billion records including from data the profiles of hundreds of millions of users, and, social networks Facebook Twitter LinkedIn including Github 50 million phone numbers, 622 million unique email addresses and records from employment history. No numbers passwords or payment cards social numbers were found in the database. insurance

According to Wired, the database was located in the Google Cloud Services service and anyone could access it. As of November 24, 2019, it is unclear whether anyone used access for their own purposes. Troya reported his find to the FBI and after only a few hours the server was disconnected. The FBI declined to comment.

The database contained four sets of data, the name of three of them pointed to the American data broker People Data Labs, but the company's co-founder Sean Thorne said that the discovered server did not belong to PDL. Who owns such an extensive database and how the information turned out to be in the public domain is unknown^[1].

Database of 20 million Instagram users put up for sale

In October 2019, it became known about the data leak of 20 million Instagram users. The corresponding database was put up for sale at a price of 2.8 bitcoin (about $22 thousand). Read more here.

There was a data leak of 419 million Facebook users

In early September 2019, it became known about the data leak of more than 419 million Facebook users. The database, which contains mainly phone numbers, unique identifiers of social network participants, as well as information about the country of residence of users and pol. more details here.

Leaked internal documents reveal Facebook blackmailed politicians around the world

On March 4, 2019, it became known that Facebook put pressure on politicians around the world to sabotage the adoption of laws protecting the privacy of Internet users. The company did this because its entire business model is just built on privacy violations - collecting data about the user and then selling them to advertisers. Read more here.

2018: Zuckerberg pleads guilty to data breach of 50 million Facebook users

The company's shares are falling, Mark Zuckerberg is threatened with a challenge to Congress, the United States and the European Union are going to launch an investigation into it. The reason is a series of investigations by The Guardian and The New York Times. Journalists found out^[2], that the British company Cambridge Analytica collected data on the behavior of 50 million Americans in order to then sell them political ads. Facebook was aware of the leak but did nothing.

The founder of the social network Facebook Mark Zuckerberg commented on his page on the social network scandal due to the leakage of personal data of 50 million users. The British analytical company Cambridge Analytica received them from Alexander Kogan, professor of psychology at the University of Cambridge. He developed a test that passed about 300 thousand people, which allowed Kogan to collect data on 50 million Facebook users. Having obtained this data, Cambridge Analytica used it to create an algorithm that reveals the preferences of American voters. With the help of an application created on the basis of an algorithm, during the presidential campaign in the United States, an addressable advertising mailing was carried out^[3]

Zuckerberg admitted that Kogan found a vulnerability on the social network and took advantage of it by collecting personal data of a large number of users in 2013. "In 2015, we learned from journalists from The Guardian that Kogan shared the data of the application he developed with Cambridge Analytica," Zuckerberg said. According to him, this does not comply with the company's policy, so the social network immediately closed Kogan's access to personal data, banned the use of the application he developed and demanded that Kogan and Cambridge Analytica delete information about all personal data obtained illegally. According to him, at that time they provided evidence that the requirements of the social network were fulfilled.

"Last week we learned from The Guardian, the New York Times and Channel 4 that Cambridge Analytica may not have deleted the data it had obtained. We immediately banned her from any of our services. Cambridge Analytica claims that they have already deleted the data and agreed to an examination that we decided to conduct to confirm this, "Zuckerberg wrote.

The founder of Facebook admitted that the social network is to blame for the leakage of personal data of its users. "This is a breach of trust between Facebook and people who share their data with us and expect us to protect it. We must fix this, "the publication said.

2010: Google and Facebook client data breaches

Of the commercial leaks, the loudest in the past year were the leaks of client data made by the global IT giants Google and Facebook. A leak from Google in late August exposed many large companies that used Google's contextual advertising services, including AT&T, BP, and a number of other equally well-known companies. The world's most popular social network Facebook, whose founder became Time's person of the year, distinguished itself in the field of information security by the fact that some of the applications installed by users on their pages in it sold information about these users "to the side," as a result of which many users became victims of unscrupulous advertisers and spammers.

Notes