Slashdot Mirror


Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com)

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.

37 comments

  1. Better not look in Google, then by xxxJonBoyxxx · · Score: 2

    So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

    1. Re:Better not look in Google, then by Anonymous Coward · · Score: 0

      "Facilitated" is a magic word that's only limited by your imagination.

      So, yes. Google is totally hosting shit. Hell, you and I need to be dragged in for being associates of accomplices of supporters of conspirators of a google intern.

      Plot twist: The google intern later joined a blackhat group and was the actual actor behind that PII dump.

      Lawyers have taken their web of causality shit and reached a grade so retarded that you can find a copy of it in the folder labeled "time traveler precautions".

      *SWATs butterfly*

    2. Re:Better not look in Google, then by tlhIngan · · Score: 1

      So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

      They do, and Google promptly removes it as well once notified. They even block the search.

      There was a time Google was used to search for credit card numbers, and Google quickly got those eradicated from the search results and made it so the search doesn't actually work anymore.

  2. Re:Slashdot BANNED a user over THIS GREAT VIDEO! by Anonymous Coward · · Score: 0

    Is it the crappy April Fools' video? It's lame.

  3. Re:What do you want? by Anonymous Coward · · Score: 0

    Can't you just use one of APK's hosts files?

  4. Re:What do you want? by darkain · · Score: 1

    NSA spying powers!

  5. isn't it time for some action from Congress? by AlwinBarni · · Score: 1

    I think it is time for more than just a public show of shamming in front of the Congress.

    The best would be to decouple SSN from private lives and use it as it was intended to, just as your social security ID.

    I would also add a requirement for any company to use up-to-date encryption standards when processing personal information and explicit permission of the mentioned when storing such information for longer than 'n' weeks (government agencies can be exempt from the explicit permission of course).

  6. Re: Slashdot BANNED a user over THIS GREAT VIDEO! by Anonymous Coward · · Score: 0

    Yawnnn. Same spam. Nothing new. I'm pretty sure all 400 people clicked that link at slashdot. You pissed in the pool now it's tainted. No one believes you.

  7. Yeah, that's how it works by drinkypoo · · Score: 5, Insightful

    Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them.

    Yes, Facebook depends on notifications to catch some illicit content. If they acted on those posts once notified, the system is working — except for the part where someone can use your SSN to get credit in your name. That part is broken, by design. However, that part isn't in Facebook.

    You can play whack-a-mole with SSNs from now until eternity, or you can fix the credit problem, but you can't protect SSNs by playing whack-a-mole.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Yeah, that's how it works by Anonymous Coward · · Score: 0

      facebook allows this wonderful side effect of coalescing all the data one needs to steal an identity - even if the user doesn't intend to do so.

      My wife was very careful NOT to publish her DOB or mother's maiden name.

      Guess what?

      On her birthday - the real one - folks wished her a happy birthday. And her mother who has an account with her REAL name posts 'love from Mom.'

      It's bad and facebook enables a lot of this crime. Sometimes the best way to fight a crime is disable its delivery system.

    2. Re:Yeah, that's how it works by Ichijo · · Score: 1

      If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    3. Re:Yeah, that's how it works by Anonymous Coward · · Score: 0

      If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

      Your local newspaper has a human reading all the incoming ads before posting them. One hopes that Facebook does not read all posts. Particularly the ones that are not shared publicly.

      A better analogy would be: The phone company doesn't listen in on all phone calls to stop criminals from making plans over the phone. Why should FaceBook be required to listen in on all conversations on its platform?

    4. Re:Yeah, that's how it works by Anonymous Coward · · Score: 0

      Yes, a local newspaper can do that. It doesn't scale to a billion users and a trillion posts.

    5. Re:Yeah, that's how it works by Riceballsan · · Score: 1

      I can't agree with the premise here... I hate facebook beyond anything, but we're still looking at the rough premise of "people are stupid and put things online that they shouldn't". We can't really solve that problem by forbidding people from posting anything. Destroy the internet is the only option that accomplishes that, which I'm not so in favor of

    6. Re:Yeah, that's how it works by Riceballsan · · Score: 1

      The same reason that putting ads in your local paper is priced out of the range that people would ever use it for anything they weren't really concerned about. The paper is happy to charge you $50+ to put in a half a paragraph blurb. Facebook is made so that anyone with an e-mail address can publish photos of every meal they eat without batting an eye. I hate facebook, I don't use them... but I at least understand what people who use it, want to use it for, but this is a crazy silly comparison. Newspapers have the luxury of more or less having 1 staff member, per every 50 ads easily. In order for facebook to do that, they'd need to hire a few hundred million people, or require actual verification of true identity to prevent multiple accounts, and restrict people to something like 1 post a year, and the fact is criminals won't really be bothered by this, there's millions of better ways they could be sending their stolen data around. Not to mention, we would be putting a stupid double standard there... we hate facebook because they are mining the fuck out of everything we put and gathering too much information. Now we're going to say they need to be spending MORE time looking at our posts?

    7. Re:Yeah, that's how it works by Ichijo · · Score: 1

      In order for facebook to do that, they'd need to hire a few hundred million people

      That doesn't sound impossible, only expensive. Instead, Facebook chose to cut corners, betting that it would save them money over any fines and lawsuits they might have to pay.

      Why should they not be allowed to lose that bet?

      Now we're going to say they need to be spending MORE time looking at our posts?

      Not all of our posts, just the public ones.

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    8. Re:Yeah, that's how it works by parkinglot777 · · Score: 1

      It is what people do -- dumb things. If you want to be very careful, don't have a FB account at all. That's the only way to avoid the situation you mentioned.

  8. Facebook has some real issues by Anonymous Coward · · Score: 0

    I think it's clear Facebook talks a good talk but is two faced in how it actually does business. Do you really think a Zuckerberg really cares? His lack of real action says volumes.

  9. LinkedIN by Anonymous Coward · · Score: 1

    Why isn't anyone getting uptight over LinkedIN? They have our goddamn WORK history! Does anyone think that they aren't pimping out our data?
    I remember having my profile looked at without ever seeing WHO looked at them. That was fucking creepy!

    When an employer says they recruit from LinkedIN I pass them by - like GoodWill......

    I 'canceled' my LinkedIN account and never had a facebook account. From what I've seen, that didn't make any difference.

  10. Re: Slashdot BANNED a user over THIS GREAT VIDEO! by Anonymous Coward · · Score: 0

    The video has 1,000+ views, all from Slashdot. Remember the first rule of Slashdot: only Slashdot readers know about Slashdot, everyone else reads Reddit.

  11. If I learned to find them from Slashdot? by Anonymous Coward · · Score: 0

    We can keep pulling this thread... If I learned I could use the internet to find stolen CC numbers from Slashdot, then....

  12. Re:What do you want? by greenwow · · Score: 0

    Plus this is holding Facebook responsible for the actions of others.

  13. Safe barbor for haircuts by Impy+the+Impiuos+Imp · · Score: 1

    If facebook actively searches for this stuff, they can't hide behind safe harbor legislation that merely requires removal of stuff when notified.

    It's like having a rustic forest with widowmaker branches hanging up there. Once you start pulling them down, you're screwed, and have to do it repeatedly lest you get sued. If you had left it alone and some idiot wandered through and got killed, that's their problem.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  14. Re: Still not as bad as Russian propaganda... by Anonymous Coward · · Score: 0

    Sure Hillary. Take your meds.

  15. Re: Slashdot BANNED a user over THIS GREAT VIDEO! by Anonymous Coward · · Score: 0

    Meanwhile, in the same time period, The Creimy-Dumpty video went from ~375 millions views to ~407 millions! Thanks cdreimer! 1000 views is a drop in the ocean!


    MODDOWN! ; creimer karma whoring sock puppet post!


    MODDOWN! ; creimer youtube spam post again!

    creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

    CREIMER' SUBMISSIONS UPDATE:
    Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
    https://slashdot.org/~IInhaleF...
    https://slashdot.org/~__aaclcg...
    https://slashdot.org/~IDrinkFa...
    https://slashdot.org/~_sharp'r...
    https://slashdot.org/~crreimer
    https://slashdot.org/~cdreimer
    https://slashdot.org/~criss69
    https://slashdot.org/~Anonymou...
    https://slashdot.org/~FatCashe...
    https://slashdot.org/~ILoveFat...
    https://slashdot.org/~IHateFat...
    https://slashdot.org/~IAteFatC...
    https://slashdot.org/~ITapeFat...
    https://slashdot.org/~IApeFatC...
    https://slashdot.org/~IPrayFat...
    https://slashdot.org/~FatCashe...
    and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!

    Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!

    creimer wrote:

    I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions -- I'll have to double check the number -- to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!

    https://slashdot.org/comments....

    Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!

    Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.

    creimer wrote:

    All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.

    https://slashdot.org/comments....

    C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

    But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

    Creimy Dumpty sat on the wall,
    Creimy Dumpty had a great fall.
    All the king's horses
    And all the king's men
    Couldn't put Creimy Dumpty
    Together again.

    Creimy's siblings video and theme song, very realistic,

  16. Old News by mencik · · Score: 3, Informative

    Brian Krebs reported on this a week ago, and then followed up with another story about how attempting to report more of them was rebuffed.

  17. Re: Slashdot BANNED a user over THIS GREAT VIDEO! by Anonymous Coward · · Score: 0

    I am upvoting all his stuff with bot accounts of my own. He will make a glorious return and you will kiss his ass

  18. Morons by Anonymous Coward · · Score: 0

    Post their social for number feng shui and numerology.

  19. Re: Still not as bad as Russian propaganda... by Anonymous Coward · · Score: 0

    Haha, still going on about that as if Russia didn't attack all sides of the election.
    A lot of sexual allegations were thrown at Trump and it didn't stop him.
    Clintons would have known that wouldn't work, so it had to be Russians attacking Trump.

  20. Deja vu?: by Manqueman · · Score: 1

    I’m sure they’ve apologized and promised to do better.