Facebook Has Hosted Stolen Identities and Social Security Numbers for Years

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.

Slashdot BANNED a user over THIS GREAT VIDEO!

Watch THE VIDEO that got a 20+ year Slashdotter BANNED from Slashdot!

Re:Slashdot BANNED a user over THIS GREAT VIDEO!

Is it the crappy april's fool video? It's lame.

Re: Slashdot BANNED a user over THIS GREAT VIDEO!

Yawnnn. Same spam. Nothing new. Im pretty sure all 400 people clicked that link at slashdot. You pissed in the pool now it's tainted. No on believes you.

Re: Slashdot BANNED a user over THIS GREAT VIDEO!

The video has 1,000+ views, all from Slashdot. Remember the first rule of Slashdot: only Slashdot readers know about Slashdot, everyone else reads Reddit.

Re:Slashdot BANNED a user over THIS GREAT VIDEO!

That dewlap also got you BANNED from the desserts table at Tomi's!

You here FOUR OUR!! You scare my WIFE!

Re:Slashdot BANNED a user over THIS GREAT VIDEO!

creimer, I reported you to youtube and keep reporting every spam post you make so all these spam posts will do is bring your view count in negative territory for a given day since youtube barred your stupid click-bot and your spam posts. minus 53 views for yesterday!

MODDOWN! ; creimer youtube spam post again!

creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

Re: Slashdot BANNED a user over THIS GREAT VIDEO!

Meanwhile, in the same time period, The Creimy-Dumpty video went from ~375 millions views to ~407 millions! Thanks cdreimer! 1000 views is a drop in the ocean!

MODDOWN! ; creimer karma whoring sock puppet post!

MODDOWN! ; creimer youtube spam post again!

creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

CREIMER' SUBMISSIONS UPDATE:
Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
https://slashdot.org/~IInhaleF...
https://slashdot.org/~__aaclcg...
https://slashdot.org/~IDrinkFa...
https://slashdot.org/~_sharp'r...
https://slashdot.org/~crreimer
https://slashdot.org/~cdreimer
https://slashdot.org/~criss69
https://slashdot.org/~Anonymou...
https://slashdot.org/~FatCashe...
https://slashdot.org/~ILoveFat...
https://slashdot.org/~IHateFat...
https://slashdot.org/~IAteFatC...
https://slashdot.org/~ITapeFat...
https://slashdot.org/~IApeFatC...
https://slashdot.org/~IPrayFat...
https://slashdot.org/~FatCashe...
and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!

Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!

creimer wrote:

I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions ? I'll have to double check the number ? to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!

https://slashdot.org/comments....

Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!

Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.

creimer wrote:

All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.

https://slashdot.org/comments....

C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

Creimy Dumpty sat on the wall,
Creimy Dumpty had a great fall.
All the king's horses
And all the king's men
Couldn't put Creimy Dumpty
Together again.

Creimy's siblings video and theme song, very realistic,

Re: Slashdot BANNED a user over THIS GREAT VIDEO!

I am upvoating all his stuff with bot accounts of my own. He will make a glorious return and you will kiss his ass

Still not as bad as Russian propaganda...

I'll never forgive Facebook for acting as Russia's propaganda arm to elect Donald Trump.

By the way, anyone else getting those "History in Orbit" ads that are obvious Russian propaganda about their supposedly fearsome military.

Ok, you installed a treasonous puppet, but let's not get carried away here Vladimir...

Re: Still not as bad as Russian propaganda...

Sure Hillary. Take your meds.

Re: Still not as bad as Russian propaganda...

Haha, still going on about that as if Russia didn't attack all sides of the election.
A lot a sexual allegations were thrown at Trump and it didn't stop him.
Clintons would have known that wouldn't work, so it had to be Russians attacking Trump.

Better not look in Google, then

[xxxJonBoyxxx]

So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

Re:Better not look in Google, then

"Facilitated" is a magic word that's only limited by your imagination.

So, yes. Google is totally hosting shit. Hell, you and I need to be dragged in for being associates of accomplices of supporters of conspirators of a google intern.

Plot twist: The google intern later joined a blackhat group and was the actual actor behind that PII dump.

Lawyers have taken their web of causality shit and reached a grade so retarded that you can find a copy of it in the folder labeled "time traveler precautions".

*SWATs butterfly*

Re:Better not look in Google, then

[tlhIngan]

So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

They do, and Google promptly removes it as well once notified. They even block the search.

There was a time Google was used to search for credit card numbers, and Google quickly got those eradicated from the search results and made it so the search doesn't actually work anymore.

What do you want?

It's a website where people post stuff. Literally trillions of posts over years.
What kind of magical spying powers do you think Facebook has?

Re:What do you want?

Can't you just use one of APK's hosts files?

Re:What do you want?

[darkain]

NSA spying powers!

Re:What do you want?

[greenwow]

Plus this is holding Facebook responsible for the actions of others.

isn't it time for some action from Congress?

[AlwinBarni]

I think it is time for more then just a public show of shamming in front of the Congress.

The best would be to decouple SSN from private lives and use it as it was intended to, just as your social security ID.

I would also add a requirement for any company to use up-to-date encryption standards when processing personal information and explicit permission of the mentioned when storing such information for longer then 'n' weeks (government agencies can be exempt from the explicit permission of course).

Yeah, that's how it works

[drinkypoo]

Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them.

Yes, Facebook depends on notifications to catch some illicit content. If they acted on those posts once notified, the system is working — except for the part where someone can use your SSN to get credit in your name. That part is broken, by design. However, that part isn't in Facebook.

You can play whack-a-mole with SSNs from now until eternity, or you can fix the credit problem, but you can't protect SSN's by playing whack-a-mole.

Re:Yeah, that's how it works

facebook allows this wonderful side effect of coalescing all the data one needs to steal an identity - even if the user doesn't intend to do so.

My wife was very careful NOT to publish her DOB or mother's maiden name.

Guess what?

On her birthday - the real one - folks wished her a happy birthday. And her mother who has an account with her REAL name posts 'love from Mom.'

It's bad and facebook enables a lot of this crime. Sometimes the best way to fight a crime is disable its delivery system.

Re:Yeah, that's how it works

Your apologism not withstanding, Facebook has a responsibility to patrol their OWN FUCKING SITE of willingly-stolen personal information for illegal sensitive content like identity theft. That's THEIR responsiblity, apologist. They know it.

You trying to put that off on their unthinking captive-moron user base is putting the responsibility where it definitely does not fall.

Re:Yeah, that's how it works

[Ichijo]

If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

Re:Yeah, that's how it works

If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

Your local newspaper has a human reading all the incoming ads before posting them. One hopes that Facebook does not read all posts. Particularly the ones that are not shared publicly.

A better analogy would be: The phone company doesn't listen in on all phone calls to stop criminals from making plans over the phone. Why should FaceBook be required to listen in on all conversations on its platform?

Re:Yeah, that's how it works

Yes, a local newspaper can do that. It doesn't scale to a billion users and a trillion posts.

Re:Yeah, that's how it works

[Riceballsan]

I can't agree with the premise here... I hate facebook beyond anything, but we're still looking at the rough premise of "people are stupid and put things online that they shouldn't". We can't really solve that problem by forbidding people from posting anything. Destroy the internet is the only option that accomplishes that, which I'm not so in favor of

Re:Yeah, that's how it works

[Riceballsan]

The same reason that putting ads in your local paper is priced out of the range that people would ever use it for anything they weren't really concerned about. The paper is happy to charge you $50+ to put in a half a paragraph blurb. Facebook is made so that anyone with an e-mail address can publish photo's of every meal they eat without batting an eye. I hate facebook, I don't use them... but I at least understand what people who use it, want to use it for, but this is a crazy silly comparison. Newspapers have the luxury of more or less having 1 staff member, per every 50 ads easilly. In order for facebook to do that, they'd need to hire a few hundred million people, or require actual verification of true identity to prevent multiple accounts, and restrict people to something like 1 post a year, and the fact is criminals won't really be bothered by this, there's millions of better ways they could be sending their stolen data around. Not to mention, we would be putting a stupid double standard there... we hate facebook because they are mining the fuck out of everything we put and gathering too much information. Now we're going to say they need to be spending MORE time looking at our posts?

Re:Yeah, that's how it works

[Ichijo]

In order for facebook to do that, they'd need to hire a few hundred million people

That doesn't sound impossible, only expensive. Instead, Facebook chose to cut corners, betting that it would save them money over any fines and lawsuits they might have to pay.

Why should they not be allowed to lose that bet?

Now we're going to say they need to be spending MORE time looking at our posts?

Not all of our posts, just the public ones.

Re:Yeah, that's how it works

[parkinglot777]

It is what people do -- dumb things. If you want to be very careful, don't have a FB account at all. That's the only way to avoid the situation you mentioned.

Facebook has some real issues

I think its clear Facebook talks a good talk but is two faced in how it actually does business. Do you really think a Zuckerberg really cares? His lack of real action says volumes.

Troll4o8e

that suuport new faces and 8any achievements that

LinkedIN

Why isn't anyone getting uptight over LinkedIN? They have our goddamn WORK history! Does anyone think that they aren't pimping out our data?
I remember having my profile looked at without ever seeing WHO looked at them. That was fucking creepy!

When an employer says they recruit from LinkedIN I pass them by - like GoodWill......

I 'canceled' my LinkedIN account and never had a facebook account. From what I've seen, that didn't make any difference.

If I learned to find them from Slashdot?

We can keep pulling this thread... If I learned I could use the internet to find stolen CC numbers from Slashdot, then....

Safe barbor for haircuts

[Impy+the+Impiuos+Imp]

If facebook actively searches for this stuff, they can't hide behind safe harbor legislation that merely requires removal of stuff when notified.

It'a like having a rustic forest with widowmaker branches hanging up there. Once you start pulling them down, you're screwed, and have to do it repeatedly lest you get sued. If you had left it alone and some idiot wandered through and got killed, that's their problem.

Old News

[mencik]

Brian Krebs reported on this a week ago, and then followed up with another story about how attempting to report more of them was rebuffed.

Morons

Post their social for number feng shui and numerology.

Deja vu?:

[Manqueman]

I’m sure they’ve apologized and promised to do better.