This blog was intended to be about passwords; however, it has turned into one about social engineering and how Facebook is making it easy for the criminals.

What would you say if I told you that everything you have ever posted on Facebook, and I mean everything, is now freely available to download, and all you need is a simple password?

So right about now you are thinking, what am I talking about?

Let’s take it from the top.

Whilst getting reacquainted with Facebook’s security settings (https://www.facebook.com/settings), I stumbled across, in small writing at the bottom of the security settings, a link to download all your data. Not caring what curiosity did to the cat, I took one for the team.

After clicking on the link, using only one password for authentication, I was informed that it may take a while, but a file would be sent to my linked email address. Ok! Click!

As promised, after approximately 1 hour, a shiny new file was waiting in my inbox to be downloaded. Not really sure what to expect, I opened the innocuous zip file.

At the risk of sounding melodramatic, my breath was taken away, and not in a good way! My life was literally in front of me in electronic form! Some people now might be wondering, what’s the problem?

To keep it simple, if you are a social engineer, your life has become much easier. No more spending weeks and months stalking your victim, building up a picture allowing you to take over their identity or gain access to their bank.

All you have to do now is gain access to Facebook. Once you are in, find the linked email address and bingo! Bravo Facebook!

So what’s the moral of the story – tighten up your defences! Review your security.

  • Use 2FA (see previous blog)
  • Use a passphrase rather than a password (see future blog)
  • If you struggle with remembering passwords (I know I do!), use a password vault like LastPass.

Don’t make it easy for the criminals. If curiosity gets the better of you, and it will, make sure you delete the file after laughing at some of the shit you posted 10 years ago!

At the time of writing, Facebook do not appear to have provided a facility to delete all your data, as the new European General Data Protection Regulation requires, but watch this space!

If you want more info, please feel free to contact us or sign up for our newsletter.  https://mailchi.mp/7a65d999801b/simply-secure-newsletter

Copyright © Vigilant CDD 2025