Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Facebook Crime Privacy The Internet

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com) 37

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.
This discussion has been archived. No new comments can be posted.

Facebook Has Hosted Stolen Identities and Social Security Numbers for Years

Comments Filter:
  • by xxxJonBoyxxx ( 565205 ) on Tuesday April 24, 2018 @01:43PM (#56495897)
    So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)
    • by Anonymous Coward

      Why isn't anyone getting uptight over LinkedIN? They have our goddamn WORK history! Does anyone think that they aren't pimping out our data?
      I remember having my profile looked at without ever seeing WHO looked at them. That was fucking creepy!

      When an employer says they recruit from LinkedIN I pass them by - like GoodWill......

      I 'canceled' my LinkedIN account and never had a facebook account. From what I've seen, that didn't make any difference.

    • by tlhIngan ( 30335 )

      So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

      They do, and Google promptly removes it as well once notified. They even block the search.

      There was a time Google was used to search for credit card numbers, and Google quickly got those eradicated from the search results and made it so the search doesn't actually work anymore.

  • I think it is time for more then just a public show of shamming in front of the Congress.

    The best would be to decouple SSN from private lives and use it as it was intended to, just as your social security ID.

    I would also add a requirement for any company to use up-to-date encryption standards when processing personal information and explicit permission of the mentioned when storing such information for longer then 'n' weeks (government agencies can be exempt from the explicit permission of course).
  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday April 24, 2018 @01:56PM (#56495981) Homepage Journal

    Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them.

    Yes, Facebook depends on notifications to catch some illicit content. If they acted on those posts once notified, the system is working — except for the part where someone can use your SSN to get credit in your name. That part is broken, by design. However, that part isn't in Facebook.

    You can play whack-a-mole with SSNs from now until eternity, or you can fix the credit problem, but you can't protect SSN's by playing whack-a-mole.

    • by Ichijo ( 607641 )

      If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

      • The same reason that putting ads in your local paper is priced out of the range that people would ever use it for anything they weren't really concerned about. The paper is happy to charge you $50+ to put in a half a paragraph blurb. Facebook is made so that anyone with an e-mail address can publish photo's of every meal they eat without batting an eye. I hate facebook, I don't use them... but I at least understand what people who use it, want to use it for, but this is a crazy silly comparison. Newspapers
        • by Ichijo ( 607641 )

          In order for facebook to do that, they'd need to hire a few hundred million people

          That doesn't sound impossible, only expensive. Instead, Facebook chose to cut corners, betting that it would save them money over any fines and lawsuits they might have to pay.

          Why should they not be allowed to lose that bet?

          Now we're going to say they need to be spending MORE time looking at our posts?

          Not all of our posts, just the public ones.

  • If facebook actively searches for this stuff, they can't hide behind safe harbor legislation that merely requires removal of stuff when notified.

    It'a like having a rustic forest with widowmaker branches hanging up there. Once you start pulling them down, you're screwed, and have to do it repeatedly lest you get sued. If you had left it alone and some idiot wandered through and got killed, that's their problem.

  • Old News (Score:4, Informative)

    by mencik ( 516959 ) <steve@mencik.com> on Tuesday April 24, 2018 @03:29PM (#56496571) Homepage
    Brian Krebs reported [krebsonsecurity.com] on this a week ago, and then followed up with another story [krebsonsecurity.com] about how attempting to report more of them was rebuffed.
  • I’m sure they’ve apologized and promised to do better.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...