Data leaks without hacking KLM


This article was last updated on December 19, 2023


The Data Leaks

When you think of data breaches involving the data of hundreds of millions of people, you may think of ingenious hackers who managed to circumvent advanced security. But a number of recent massive data breaches had nothing to do with security being broken. This also applies to the leak that KLM was discovered this morning to be struggling with.

The Issue with Data Scraping

What the attackers do in such a case is scrape private data. Information that should only be accessible on a small scale is collected automatically, bundled and then misused on a large scale.

The most famous example of scraping is the Cambridge Analytica scandal, in which a data company managed to access sensitive personal data of 50 million Facebook users. That company then used the data to display ingenious personalized ads for political campaigns.

But more recent scraping leaks have been even bigger. In this way, criminals managed to access the data of 500 million LinkedIn customers and 533 million Facebook users. In the case of Facebook, malicious parties abused a function to find new friends. “You can use this to find someone’s Facebook profile based on their telephone number,” says security researcher Matthijs Koot.

KLM Leak

KLM's mistake was that links with flight information, which were sent to travelers by text message, were not unique enough. This made it possible to create a database of KLM customers by automatically requesting all links one by one and saving the result, according to research by the NOS. There is no evidence that this actually happened, but KLM does not want to indicate how it can rule out abuse.

The Facebook function was intended to find your friends on Facebook based on your phone’s address book, and not the other way around. So the intention was not to be able to find a telephone number for a particular person. “But if you simply enter all telephone numbers automatically and save the result, you can conversely create a list of which telephone number belongs to someone,” says Koot. The leak ultimately affected 533 million Facebook users; parent company Meta received an EU fine of 265 million euros.
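The KLM links described above could be walked one by one because the identifiers were not unique enough. As an added example (not from the article, KLM or the NOS), the Python below shows the defender's side: issuing 128-bit random link tokens, sizing how quickly a short identifier is guessed, and flagging clients that request many different links. The 6-character token format, the figure of one million live links, the threshold and the log lines are constructed assumptions.

```python
import secrets
from collections import defaultdict

def new_link_token(nbytes=16):
    """Link identifier with 128 bits from the OS CSPRNG (22 URL-safe chars)."""
    return secrets.token_urlsafe(nbytes)

def expected_guesses_per_hit(alphabet_size, length, live_links):
    """Average number of random guesses before one lands on a live link."""
    return alphabet_size ** length / live_links

def flag_enumeration(requests, max_distinct_tokens=5):
    """Return {client: (distinct_tokens, hits)} for clients walking the link space.

    requests: iterable of (client_id, token, http_status).
    A traveler opens their own link, so they touch very few distinct tokens.
    The hit ratio is reported but not required for a flag: when identifiers
    are densely packed, an enumerating client gets mostly 200s, not 404s.
    """
    seen = defaultdict(dict)  # client -> {token: whether any request returned 200}
    for client, token, status in requests:
        seen[client][token] = seen[client].get(token, False) or status == 200
    return {
        client: (len(tokens), sum(tokens.values()))
        for client, tokens in seen.items()
        if len(tokens) >= max_distinct_tokens
    }

# Constructed access-log sample: (client IP, link token, HTTP status).
SAMPLE_LOG = [
    ("203.0.113.7", "q7Lm2x", 200),   # traveler opening the same link twice
    ("203.0.113.7", "q7Lm2x", 200),
    ("198.51.100.9", "aaaaa1", 404),  # one client, six different tokens
    ("198.51.100.9", "aaaaa2", 404),
    ("198.51.100.9", "aaaaa3", 200),
    ("198.51.100.9", "aaaaa4", 404),
    ("198.51.100.9", "aaaaa5", 404),
    ("198.51.100.9", "aaaaa6", 404),
]

if __name__ == "__main__":
    # Assumed short format: 6 chars from [A-Za-z0-9], one million live links.
    print("short token, guesses per hit:", expected_guesses_per_hit(62, 6, 1_000_000))
    print("128-bit token, guesses per hit:", expected_guesses_per_hit(2, 128, 1_000_000))
    print("example token:", new_link_token())
    print("flagged clients:", flag_enumeration(SAMPLE_LOG))
```

In production the per-client counts would be kept over a sliding time window and keyed on more than the IP address, since requests can be spread over many addresses.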

Warning

A group of privacy regulators from outside the European Union, including those from the United Kingdom, Norway and Switzerland, issued a joint warning this summer: social media companies and other websites must protect their users from scraping.

The fact that this does not always happen is also due to the limited incentive for social media to shield data, says Koot. “The business model of social media is precisely to make information public.”

In other cases, a limited security budget can be a problem, according to Koot. “As a result, the security has not been tested enough.”

Hacker Forums

How often scraping occurs is unknown; not all incidents necessarily come to light. This usually only happens if the data is distributed via, for example, hacker forums, as was the case with the leaks at Facebook and LinkedIn.

“Professional hackers or organizations are behind those types of leaks,” says Koot. According to him, this is evident from the fact that they have managed to obtain the data of hundreds of millions of users unnoticed, without the detection systems of the tech giants raising the alarm.

Criminals can then sell this type of data to others. “These leaks are very useful for scammers,” says Koot. “Certainly if you combine multiple data breaches, you can put together a puzzle and learn a lot about someone.”

The more you know about someone, the more credibly you can defraud them: for example, by pretending to be someone’s son or daughter and asking for money, as happens in practice. Phishing emails can also be drawn up more accurately in this way.

It is extra problematic if you are a prominent Dutch person, for example a politician. Koot: “If you can find someone’s telephone number in a leak with a few mouse clicks, as is the case with several politicians, I find that problematic.”

 

 
