We are only 5 months into 2021, but it has been quite entertaining in terms of data leaks (in spanish). So far in 2021 there have been a few, and some with a lot of repercussions, either by the company or by the administration attacked.
In view of all this, my question (and reflection) for some web sites is:
Is it necessary to collect data that may pose a problem?
Facebook data leaks
Without a doubt, the most important data leak is the one that was uncovered a few weeks ago about Facebook, and I even wrote a specific post about it (in spanish). The fact that name, surname and cell phone appear is serious enough to make me rethink to what extent it is necessary in a photo-sharing website (theoretically, because we all know what Facebook has become: an unscrupulous advertising company).
From the type of breach, it doesn’t look like it was a hack, but rather a bot that has been collecting information from the profiles. This is very clear because there are no passwords in the extracted data ….
Creating a user’s bot isn’t complex, and you only need to know programming languages, mainly Javascript, or Python, or better yet, both (my case).
Luckily for me, I deleted my Facebook account several years ago because it simply didn’t do anything for me, and as I have already commented on several occasions, Facebook stopped providing what was a priority in my opinion: sharing photos. And now, we all know what Facebook has become, especially with the purchases of Instagram and WhatsApp.
Another data leaks from LinkedIn
Another social network where there has been profile data scraping is LinkedIn. A few weeks after Facebook, another file with LinkedIn data appeared, and the technique used was the same: it was not a hacking problem, but a bot collecting profile data..
My advice for social networks
I do not have the absolute truth about what to do and what not to do in RRSS, but my advice is to give as little data as possible, to use as little real data as possible, and if you can avoid giving sensitive data, much better for you and for your safety..
As far as possible, it would be more than interesting to have several email accounts, and depending on the type of web, you register with one or another. For example, it is not the same to register in a forum than in Amazon.
The big Internet e-commerce are reliable precisely because safeguarding the information of their users is prone to give value for their trust, and if they were to be attacked, their business would fall, hence the priority in security is top priority. Examples, Amazon, Google, AliExpress, …
Not only data leakage, but also ramsonware attacks
But this year 2021 has not only started strong with data breaches. There have also been quite prominent ramsonware attacks on various companies and public bodies, the most sensitive being the attack on the SEPE, which is the state employment service in Spain. This attack has been due to Riuk, and has affected quite a lot. In fact, the backup they uploaded to “fix” the mess was from several months ago.
But it was not the only one. The Irish health service has also been compromised with the publication of medical information online following another ransonware attack.
Always use your common sense
As I always say, the best antivirus is common sense: nobody writes you an email to tell you that you are a millionaire, …. and if you have doubts, be the one to call to confirm. Always apply common sense, and when you feel that an email or SMS includes “strange” content, be suspicious..
No one is exempt from falling into a trap, and there are many, including myself. A few weeks ago I received a “perfect” email from a supplier of mine, and I phoned them to verify if the email was theirs, because it seemed strange to me. Luckily, the person told me that they were already aware of the phishing, and that they were trying to warn their customers.
So, to take care of the data, provide the minimum, and … happy coding!