Skip to main content

Facebook acts as unwitting sales platform for identity thieves

On top of the other scandals surrounding Facebook at the moment, a new investigation has discovered that identity thieves regularly make use of the social network to spread and sell people’s personal information. The investigation turned up sales posts for credit card and social security numbers, alongside other personal information, some of which dates back years and is still live on the site.

Although the sale of personal information is often most associated with sites on the dark web, Facebook appears to be a popular avenue of sale, too. The activity isn’t even well hidden. Motherboard’s investigation turned up a plethora of public posts that offered a variety of personally identifiable information. Such data could be used to make fraudulent bank transfers, clear out Paypal accounts, take out loans in a person’s name, or steal their identity entirely.

Posters also listed contact details for potential buyers, alongside prices for the various pieces of personal information they had for sale.

As Motherboard highlighted though, what was most worrisome about these posts is that they have existed on Facebook for years without being taken down. In some cases, posts from 2014 were discovered and were only pulled by Facebook after being actively reported by the investigation.

Security professionals have exhibited surprise and concern that Facebook doesn’t have automated systems in place to block, or at least highlight such posts. They assert it should be easy for Facebook to do so, even with the sheer size of the organization and its now multiple billions of users.

Facebook later released a statement on the matter:

“We work hard to keep your account secure and safeguard your personal information. Posts containing information like Social Security numbers or credit card information are not allowed on Facebook, and we remove this material when we become aware of it. We are constantly working to improve these efforts, and we encourage our community to report anything they see that they don’t think should be in Facebook, so we can take swift action.”

This report follows a recent one by KrebsOnSecurity which highlighted how groups dedicated to sharing hacked information had hundreds of thousands of members, each leveraging Facebook to gain access to stolen information or new malware.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Whistleblowers say Facebook hasn’t addressed illegal drug sales on platform

A group of whistleblowers reportedly filed a complaint against Facebook to the U.S. Securities and Exchange Commission (SEC), claiming that the social network is ignoring drug-related activity on its platform. 

The complaint filed on Tuesday, May 26, presents alleged evidence of drug-related crimes on Facebook, such as drugs being posted for sale, according to The Washington Post. 

Read more
Facebook buys popular GIF platform Giphy for $400 million
Facebook buys Giphy

Facebook has purchased the GIF platform Giphy for a reported $400 million.

Facebook announced that Giphy's library of content will soon be further integrated into Instagram and the company's other apps.

Read more
Zoom iOS app will no longer send data to Facebook following backlash
coronavirus crisis not ready for an online first world analysis zoom conference lifestyle image

As millions of people switch to working from home due to the global coronavirus pandemic, video conferencing software like Zoom has become suddenly indispensable and far more widely-used than before. However, concerns have been raised and the security of some conferencing tools and the implications they could have for users' privacy.

An investigation by Motherboard last week revealed that Zoom's iOS app was sending some data about users to Facebook, which was not made clear in the app's privacy policy. This happened even if Zoom users did not have a Facebook account. Zoom would connect to Facebook's Graph API and share information such as the device model being used, the location a user was connecting from, and advertising identification data.

Read more