Slashdot Mirror


Facebook Has Hosted Stolen Identities and Social Security Numbers for Years (vice.com)

Cybercriminals have posted sensitive personal information, such as credit card and social security numbers, of dozens of people on Facebook and have advertised entire databases of private information on the social platform, Motherboard reports. Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them. From the report: As of Monday, there were several public posts on Facebook that advertised dozens of people's Social Security Numbers and other personal data. These weren't very hard to find. It was as easy as a simple Google search. Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as "public" on Facebook, meaning anyone can see them, not just the author's friends. Independent security researcher Justin Shafer alerted Motherboard to these posts Monday.

14 of 37 comments

  1. Better not look in Google, then by xxxJonBoyxxx · · Score: 2

    So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

    1. Re:Better not look in Google, then by tlhIngan · · Score: 1

      So...if Google cached results that contained full SSNs and other PII, aren't they as culpable as well? (And I'd imagine they're still in there...)

      They do, and Google promptly removes it as well once notified. They even block the search.

      There was a time Google was used to search for credit card numbers, and Google quickly got those eradicated from the search results and made it so the search doesn't actually work anymore.

  2. Re:What do you want? by darkain · · Score: 1

    NSA spying powers!

  3. isn't it time for some action from Congress? by AlwinBarni · · Score: 1

    I think it is time for more than just a public show of shamming in front of the Congress.

    The best would be to decouple SSN from private lives and use it as it was intended to, just as your social security ID.

    I would also add a requirement for any company to use up-to-date encryption standards when processing personal information and explicit permission of the mentioned when storing such information for longer than 'n' weeks (government agencies can be exempt from the explicit permission of course).

  4. Yeah, that's how it works by drinkypoo · · Score: 5, Insightful

    Some of these posts have been left up on Facebook for years, and the internet giant only acted on these posts after the publication told it about them.

    Yes, Facebook depends on notifications to catch some illicit content. If they acted on those posts once notified, the system is working — except for the part where someone can use your SSN to get credit in your name. That part is broken, by design. However, that part isn't in Facebook.

    You can play whack-a-mole with SSNs from now until eternity, or you can fix the credit problem, but you can't protect SSNs by playing whack-a-mole.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    1. Re:Yeah, that's how it works by Ichijo · · Score: 1

      If I tried to post an ad for illicit content in my local newspaper, the editors would catch it. Why can't Facebook do the same?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.

    2. Re:Yeah, that's how it works by Riceballsan · · Score: 1

      I can't agree with the premise here... I hate Facebook beyond anything, but we're still looking at the rough premise of "people are stupid and put things online that they shouldn't". We can't really solve that problem by forbidding people from posting anything. Destroying the internet is the only option that accomplishes that, which I'm not so in favor of.

    3. Re:Yeah, that's how it works by Riceballsan · · Score: 1

      The same reason that putting ads in your local paper is priced out of the range that people would ever use it for anything they weren't really concerned about. The paper is happy to charge you $50+ to put in a half a paragraph blurb. Facebook is made so that anyone with an e-mail address can publish photos of every meal they eat without batting an eye. I hate Facebook, I don't use them... but I at least understand what people who use it, want to use it for, but this is a crazy silly comparison. Newspapers have the luxury of more or less having 1 staff member, per every 50 ads easily. In order for Facebook to do that, they'd need to hire a few hundred million people, or require actual verification of true identity to prevent multiple accounts, and restrict people to something like 1 post a year, and the fact is criminals won't really be bothered by this, there's millions of better ways they could be sending their stolen data around. Not to mention, we would be putting a stupid double standard there... we hate Facebook because they are mining the fuck out of everything we put and gathering too much information. Now we're going to say they need to be spending MORE time looking at our posts?

    4. Re:Yeah, that's how it works by Ichijo · · Score: 1

      In order for facebook to do that, they'd need to hire a few hundred million people

      That doesn't sound impossible, only expensive. Instead, Facebook chose to cut corners, betting that it would save them money over any fines and lawsuits they might have to pay.

      Why should they not be allowed to lose that bet?

      Now we're going to say they need to be spending MORE time looking at our posts?

      Not all of our posts, just the public ones.

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.

    5. Re:Yeah, that's how it works by parkinglot777 · · Score: 1

      It is what people do -- dumb things. If you want to be very careful, don't have a FB account at all. That's the only way to avoid the situation you mentioned.

  5. LinkedIN by Anonymous Coward · · Score: 1

    Why isn't anyone getting uptight over LinkedIN? They have our goddamn WORK history! Does anyone think that they aren't pimping out our data?
    I remember having my profile looked at without ever seeing WHO looked at them. That was fucking creepy!

    When an employer says they recruit from LinkedIN I pass them by - like GoodWill......

    I 'canceled' my LinkedIN account and never had a facebook account. From what I've seen, that didn't make any difference.

  6. Safe barbor for haircuts by Impy the Impiuos Imp · · Score: 1

    If Facebook actively searches for this stuff, they can't hide behind safe harbor legislation that merely requires removal of stuff when notified.

    It's like having a rustic forest with widowmaker branches hanging up there. Once you start pulling them down, you're screwed, and have to do it repeatedly lest you get sued. If you had left it alone and some idiot wandered through and got killed, that's their problem.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.

  7. Old News by mencik · · Score: 3, Informative

    Brian Krebs reported on this a week ago, and then followed up with another story about how attempting to report more of them was rebuffed.

  8. Deja vu?: by Manqueman · · Score: 1

    I’m sure they’ve apologized and promised to do better.