It's not a breach. It's a feature!

Social media data scraping has taken on a life of its own.

The number of recently released records easily surpasses the billions. And it's still growing.

It's now getting so widespread that Facebook has reportedly adopted an internal policy of "normalizing" data scraping incidents and justifying their lack of disclosure.

Longer term, though, we expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly. - internal Facebook memo

Further, researchers recently informed Facebook of a vulnerability that allows someone to discover or search by personal email addresses of users. Remember all those privacy settings, when you thought you were keeping your information secure?

What does this mean?

More data is getting into the wrong hands. Faster.

As Facebook management stated, this is a broad industry issue and this happens regularly.

While this may reflect a significant volume of scraping activity, we hope this will help to normalize the fact that this activity is ongoing and avoid criticism... - internal Facebook memo

Just to be sure, we aren't saying that your social media passwords are floating around the Dark Web. Well, we aren't not saying that either, but that's a different topic...

This is about vast amounts of collated contact information freely available to hackers.

What do they do with this contact info?

They go Phishing! (and it works really well...)

Hackers will use as much easily accessible data as they can grab and use that in launching Phishing campaigns.

The more info they get, the more targeted their attacks can be.

It's not about changing a password. You can't remove your own data from these dumps. Period.

Remember, they can collect lots of information one-by-one. But that takes a long time. These scraping incidents are about quickly getting tons of this data all at once, nicely packaged as a gift under the hacker's Christmas tree.

What should you do about it?

You can start by finding out whose data has been exposed in your organization. INFIMA's Partners do that with Web Exposure Reports.

Your report details all of those publicly available emails and identifying information that Phishing attackers use to launch their weaponized emails.

Next, Train your users to avoid these incoming Phishing attacks.

We make that easy too...

Consistent Security Awareness Training is your next step in protecting against these exact same Phishing attacks.

Learn how we partner with you - hit us up here!

Facebook memo reporting from:
[https://www.independent.co.uk/life-style/gadgets-and-tech/facebook-memo-leak-normalise-breach-b1834592.html]