Crypto at risk after Facebook leak: Here’s how hackers can exploit data

Published at: April 7, 2021

Facebook is no stranger to data hacks and leaks, with the company having been on the receiving end of many high-profile security breaches in recent years. For example, back in 2018, the social media giant revealed that it had inadvertently exposed the personal information of more than 50 million users due to a small error in its platform coding, thus allowing miscreants to gain access to its users’ accounts.

Similarly, in 2020, the Mark Zuckerberg-led firm was embroiled in another major controversy when it came to light that thousands of developers had been able to access data from inactive platform users, again drawing the ire of many folks across the globe.

Now in 2021, the tech juggernaut has once again been hit with a fresh wave of data leaks. This time around, however, the number of users whose records were exposed was not 50 million but a staggering 500 million. On April 3, Alon Gal, chief technical officer of security firm Hudson Rock, revealed that sensitive personal information for over half a billion Facebook users was shared on a well-trafficked hacking forum.

To be more specific, the records include phone numbers, full names, locations, birthdates, bios, and, in some cases, email addresses of over 553 million users located across a total of 100 countries. Of the above-stated figure, 32 million users are apparently from the United States, while 11 million are from the United Kingdom.

Lastly, this data which is now doing the rounds online has potentially put at risk the savings of millions of digital currency traders and hodlers who now may be vulnerable to SIM swapping and other identity-based attacks, which have happened in recent years.

What should be done?

How exactly does this most recent breach place at risk the crypto assets of individuals? Dave Jevans, CEO of blockchain security firm CipherTrace, told Cointelegraph that people who have had their phone numbers leaked need to be extra cautious since a lot of fraud involving digital assets hinges on such info, adding:

“We’ve seen an increase in SIM swaps, phishing attacks and other types of fraud involving cryptocurrencies that rely on acquiring the phone numbers of victims to execute. Leaked info about the identity of high-profile crypto users gave bad actors the ability to target them.”

He went on to add that individuals who believe their crypto may be at some sort of risk need to reconsider their existing privacy strategies — basically, thinking twice before storing all their holdings in a centralized exchange that may leverage user phone numbers for two-factor authentication.

Jevans further opined that managing one’s own keys could be a better way to protect our valuables from being phished via the use of stolen phone numbers. However, he conceded that even that may not be enough. “Phishing attackers can still use other means of acquiring account and address information, but it’s much harder,” he added.

Providing a take on the matter, Ben Diggles, co-founder and chief revenue officer for Constellation — a scalable enterprise-grade blockchain creating a standard for securing data in transit — told Cointelegraph that Facebook’s latest security lapse is not surprising, especially since most users of the social media platform tend to adhere to a different mindset — i.e., they like their world to be managed and organized for them.

He added that for most users, if they forget their passwords, they can just have the system reset it for them. Not only that, in Diggles’ view, most folks using Facebook aren’t even totally aware of how big their digital footprint actually is — a facet that Facebook doesn’t make too obvious either — adding:

“Those that are crypto holders that were on the list have little to worry about unless they were storing descriptive details of their holdings and access on their Facebook account. However, these hackers have gotten really sophisticated, so I have no idea what tricks they may have [up] their sleeves with regards to scraping info specific to crypto wallets and exchanges.”

That said, as a precautionary measure, he believes that it would be best if most users change their passwords across all of their social media accounts as well as other platforms that share their data with Facebook.

Does decentralization matter?

As more data leaks continue to happen, an increasing number of people around the world are beginning to realize the value proposition that decentralized systems put forth from a security standpoint, especially since they do not feature a single point of failure.

On the subject, Eli Arkush, a cloud solutions engineer at cybersecurity firm GlobalDots, opined that having the backend system of a platform distributed using blockchain technology might make it a bit harder on the hackers to get a hold of user info; however, once credentials fall into the wrong hands, password reuse can become an issue.

Similarly, Diggles believes that few people are educated enough to understand why decentralization actually counts, since, in theory, everything already seems fairly decentralized in their experience, at least from a digital standpoint.

He added that most people don’t know that the internet plays by its own rules and thus when he tells people about how technologies such as Brave and the Basic Attention Token work, it’s mind-blowing to them: “Most people aren’t aware of their involvement in the grander data world, and I can see why humans have been conditioned to think centralization is safer.” He added: “If users are made aware that value is being siphoned off of them every day, I think they would change behaviors quickly.”

However, Stephen Wilson, a member of the Australian government’s National Blockchain Roadmap Cybersecurity Working Group and CEO of security services provider Lockstep Group, is of the opinion that contrary to what some may believe, it’s never a good idea to save personal information on any sort of blockchain ecosystem.

He pointed out that the type of personal information breached by Facebook should never be stored in a blockchain, and even if one does, such data can never totally be protected by blockchain with any sort of long-term effectiveness. He stated further that “there are many different facets of decentralization and distributed systems,” adding:

“Blockchain and DLTs usually only decentralize some aspects of data management. They don’t usually decentralize data storage in any relevant sense because they tend to duplicate ledger entries across multiple systems. The storage is distributed, but identical copies of information are available in multiple locations and can be vulnerable to attackers or thieves.”

Crypto hacks in 2020 were centered around the DeFi space

Late last year, crypto hardware wallet manufacturer Ledger was on the receiving end of a data hack, as a result of which the private information of more than 270,000 users was leaked online. Following the incident, users started reporting extortion threats from bad actors, with many users even considering legal action against the firm.

Furthermore, a total of 28 attacks were witnessed in relation to various prominent cryptocurrency exchanges and trading platforms in 2020, with the total sum of money being compromised as a result of these ploys amounting to around $300 million.

According to a report released by CipherTrace, more than 50% of all nefarious activities in relation to the crypto market last year were linked to various decentralized finance protocols after the immense amount of growth over the past year.

In the past, most hacking schemes have, by and large, focused on stealing funds from cryptocurrency exchanges. For example, in 2014 and 2018, the amount of money compromised as a result of exchanges being hacked lay at $483 million and $875 million, respectively.

However, an increasing number of miscreants are now turning their attention to stealing user data because it provides them with unique avenues to acquire funds with relative ease. Thus, it is of utmost importance that crypto owners learn how to protect their assets, using advanced tools so as not to fall prey to such breach attempts.
