In the previous installment of our series on the collateral damage that a data breach can wreak upon individuals, we considered the profound possibilities of a privileged information breach. This article reviews the potential damages that can occur with a social profile data breach.
The information on your social media platform may not seem like a big deal… after all, who’s really going to care if your first dog’s name was Buffy or if your favorite 80s rock band was The Replacements, Queen, Guns N’ Roses, AC/DC, U2, or Bon Jovi? You might not think such information is a big deal – but to cyber criminals, that “trivial” information is worth more than your credit card number and expiration date. Professional intruders are not interested in defacing your Facebook page, forcing you to follow someone they are trying to promote, or causing you to share a link for laughs. In the world of cybercrime, information is money – and complete profiles on individuals constitute a virtual gold mine.
The answers to the security questions you use to recover your password or to verify your identity over the phone will most likely be the same “trivial” information recorded somewhere in your online social profile. When criminals have your social media username and password, they have much more than an access combination that you probably use frequently – they have access to your relationships, your preferences, your history, and anything else you’ve entrusted to the social platform.
Nearly 360 Million Records Exposed in a Massive Social Profile Data Breach
On May 31, 2016, Myspace publicly confirmed that their servers had been breached. According to news stories, nearly 360 million usernames and passwords from the social media platform were dumped into the public domain. While officials at Myspace have downplayed the extent of the incident, this was one of the largest data breaches in history. Furthermore, even though the data stolen was from before 2013, the sheer size of the data dump makes this the most significant social profile data breach ever. So in case you’re wondering what cyber criminals might do with that “trivial” information, here are some of the potential forms of collateral damage that can befall an individual:
- Exposure to Targeted Spear Phishing Attacks: The more precisely an attacker can develop a complete profile on an individual, the more targeted the phishing attack that can be developed. If, for example, the attacker learns that you recently took your dog, Duke, to the vet and the name of that vet, it would be relatively easy to send an email in the name of the vet and reference Duke in the subject line. Such an email will either ask you to verify your payment credentials or will allow malware to be loaded onto your computer for additional attacks.
- Compromised Security Information Leading to Additional Cyber Attacks: A social profile data breach may expose your higher-security accounts to infiltration attempts through password verification or phone verification attacks.
- Damaged Personal Reputation: Your social media accounts can be mined for personal information useful for launching a smear campaign against you, or for damaging your reputation among your social contacts through innuendo and implication.
When a social profile data breach occurs – or a username / password breach of a social media platform – you may not readily know the extent of the damages. Your usernames and passwords can be changed, but not your picture, your relationships, or your personal history. These are a gold mine to patient criminals if they can attach this data to your new username and password. Even if not, there is still enough information contained in most social profiles to expose you to significant collateral damage for years if not decades. One or two years of credit monitoring and a change of login credentials will not prevent the collateral damage of a social profile data breach. Who will these individuals be able to look to as a responsible party for the damages to which they are exposed?
In our last installment in this series on the collateral damage of a data breach, we will consider the corporate collateral damage caused by a credit card data breach.