date 2020-11-19

Cybercriminals witnessed karma at work firsthand after duping victims into giving away their Facebook passwords.

The scammers posed as legitimate entities, offering users the chance to identify who viewed their Facebook profiles.

They sent bogus login pages and tricked hundreds of thousands of victims into submitting their credentials.

But they didn’t get the last laugh, because they forgot to password-protect the cloud database on which the stolen data was stored. As a result, anyone could see the information, which also included details about their operation.

Noam Rotem and Ran Locar, Israeli security researchers, were first to unravel the incident. They reported the findings to Facebook, which forced the affected users to change their passwords. According to Rotem and Locar, the hackers would use victims’ accounts to post a fake bitcoin scheme on their behalf in an attempt to steal money from their FB friends.

The researchers operate software that scans the web for exposed databases, and they regularly find unsecured user data that legitimate services fail to protect. That includes patient records from plastic surgery clinics, ID numbers of Peruvian moviegoers, and job seekers’ salary information.

But in some instances, the data in these databases is actually stolen from previous hacks or taken from social media profiles in bulk, which goes against the platforms’ policies.

However, Rotem and Locar say that although they initially suspected the database might belong to Facebook, it soon became evident that it was the product of cybercrime. It should be noted that the social media giant has previously stated that it will never reveal who looks at a user’s profile. Therefore, any entity claiming to offer such a service should be taken with a pinch of salt.

And unsurprisingly, the scammers did not deliver on their promise. Instead, they stole users’ credentials and tried to lure victims into spending hundreds, maybe even thousands of dollars in bitcoin.

To sum up, it’s crucial to verify the authenticity of every service and only download reputable apps.

