A bug in TikTok allowed hackers to take control of high-profile accounts through a zero-click account takeover exploit.
thehackernews.com
Like I said before, Facebook, Instagram and Twitter have a long head start when it comes to their platform being compromised.
Discover the biggest data breaches ever to occur in US history.
www.upguard.com
5. Facebook
Date: April 2021
Impact: 530 million users exposed
Although one of the world’s largest companies, Facebook is no stranger to data leaks and controversy. The social media giant has constantly dealt with security breaches of user data since the company went public in 2012.
The company’s massive data breach in April 2021 was one of its largest, leaking names, phone numbers, account names, and passwords of over 530 million people to the public. Facebook identified the problem in the platform’s tool to sync contacts, citing hackers exploiting a vulnerability to scrape user profiles for customer data.
Though Facebook maintained that no data had been compromised or misused, it’s impossible to verify since the information was public for a short period. Hackers or scammers can easily take advantage of unsuspecting users with just their names, phone numbers, and emails.
Since 2013, Facebook has faced multiple major data breaches, including:
- In March 2019, information leaked that Facebook employees had access to over 600 million user accounts. Account IDs and passwords for both Facebook and Instagram were stored in plaintext files. Although Facebook claims no sensitive information was exposed, it was one more incident among many security issues.
- In April 2019, the Cyber Risk team at UpGuard discovered 540 million unsecured Facebook user data records on public Amazon S3 cloud servers. Third-party app developer and Mexican media company Cultura Colectiva failed to password-protect their entire dataset, leaving the information open for anyone to access and download.
- Although Facebook was not directly responsible for this incident, it brought scrutiny to how the social network managed third-party access to its database. Following a long history of data leaks, Facebook finally increased restrictions on third-party developers.
- Just a few months later, more exposed records were found on a foreign server on the dark web. Further investigation found that a hacker group in Vietnam may have abused Facebook’s API and scraped the site for user IDs, names, and phone numbers. Over 300 million users were affected.
Facebook / Cambridge Analytica
Date: April 2018
Impact: 50-90 million users exposed
In 2018, a British consulting firm, Cambridge Analytica, stole and sold data from 50-90 million user accounts on Facebook in one of the most high-profile cases in recent memory. Cambridge Analytica security researcher Aleksandr Kogan accessed this data through a loophole from a third-party quiz app. This loophole in Facebook’s API (application programming interface) allowed Kogan to compile data from anyone who downloaded the app and their entire friend network.
Despite going against the terms and conditions of Facebook, Cambridge Analytica continued to sell the data illegally because there was no rule enforcement. Reports show that Facebook was aware of the issue as early as 2015 but did not take action until Christopher Wylie, a Cambridge Analytica employee, blew the whistle.
Things finally came to a head when the Federal Trade Commission (FTC) announced a historic $5 billion fine for Facebook’s continuous violation of data security and poor data protection practices. The FTC also mandated a complete restructuring from the top down to increase oversight of privacy compliance. Furthermore, the FTC filed a lawsuit against Cambridge Analytica, forcing CEO Alexander Nix to resign.
The Securities and Exchange Commission says hackers hijacked its X account in a SIM swap attack after MFA was disabled
www.infosecurity-magazine.com
SEC Confirms SIM Swap Attack Behind X Account Takeover
A security vulnerability at Twitter has allowed a threat actor to gain access to data of over 5.
www.bitdefender.com
Threat actor is selling data on 5.4 million Twitter users for $30K on hacking forum
If the threat actor is telling the truth, data from a quarter of all Instagram users is available on a cybercriminal forum.
On November 10th, a threat actor listed a dataset for sale on a notorious hacker forum, claiming it consists of records of 489 million Instagram users. Instagram has over two billion monthly active users, which means that if proven correct, the incident affects a quarter of all users.
The most recent Instagram data breach happened in January 2021, when a database of account information at the company SocialArks was exposed due to a misconfigured database. Instagram was also fined…
firewalltimes.com
September 2022: Irish Regulators Fine Instagram €405m for Data Privacy Violations
In September 2022, Ireland’s Data Protection Commissioner leveled a €405 million fine against Meta for violating the General Data Protection Regulation (GDPR). Specifically, the fine pertained to Instagram exposing children’s phone numbers and email addresses.
In response, Meta claimed that the violation in question had been resolved for over a year, and Meta has disputed the fine.