The “Cyber Threat Status Report” covers the data leak at Facebook and gives recommendations for users to minimize damage from data leaks.
The “Cyber Threat Status Report” discusses the data leak experienced by Facebook and gives users recommendations to minimize the damage from data leaks.
According to a statement from Savunma Teknolojileri Mühendislik ve Ticaret A.Ş. (STM), STM’s technology think tank “ThinkTech”, which has carried out important projects and produced domestic products in the field of cyber security in Turkey and which examines cyber threats and incidents and shares them with the public, has announced its new “Cyber Threat Status Report”. The report covers prominent topics on the agenda, such as the data leak at Facebook and the measures to be taken, a security assessment of password managers, and research on tampering attacks and attackers.
The report warns that personal data shared on social media accounts may be processed outside its intended purpose and turn into a cyber threat, and gives information about the care to be taken in this regard. The report also draws striking conclusions by analyzing the behavior of tampering attackers on online social networks. Under the heading “Security Assessment of Password Managers”, the report explains the security vulnerabilities caused by password selection habits.
The Facebook data leak and what to do in the face of a data leak
STM ThinkTech’s report mentions the data leak at Facebook, one of the most used social networks in the world with approximately 2 billion users. According to a post made on Twitter on April 3, 2021, it was alleged that the personal information of 533 million Facebook users had been leaked and made available free of charge.
When the data structure of the leak was examined, it was seen that some or all of the users’ information could be accessed, such as phone number, Facebook user ID, name, surname, gender, address (country, region, city, full address), marital status, Facebook account creation date, e-mail address and date of birth.
According to researchers, this data leak, which Facebook experienced in 2019, was carried out by an illegal search robot (web crawler) and was caused by an installation error that Facebook made while integrating Elasticsearch technology into its systems. Thereupon, the US Personal Data Protection Board initiated an investigation into Facebook.
The report highlights the importance of avoiding certain posts on accounts and taking the necessary security measures in order to increase the security of social media accounts and to ensure that as little personal information as possible is exposed in the event of a leak. The measures to be taken by users are briefly listed in the report as follows:
“Strong passwords should be used when determining account passwords; important names and places in a person’s life should not be included in their account passwords. In addition to these elements that ensure account security, information such as credit cards and bank information should never be shared on social media networks. Work history information provided on platforms such as LinkedIn should be kept as limited as possible. Posts that can give detailed information about the personal life of the person, such as blog posts, should be avoided as much as possible. It should be investigated whether the followed people and celebrities are really that person, and adding too many friends should be avoided.”
Security Assessment of Password Managers: The Strength of Passwords
STM ThinkTech’s report includes a review of thirteen different password managers in terms of password generation, storage and autofill features that make up the life cycle of password management, while addressing the shortcomings in online security. As a result of this review, problems such as unencrypted metadata in password managers, default settings that create security vulnerabilities, and clickjacking vulnerability are examined.
As stated in the report, despite the problems it faces, password-based authentication remains the most used form of authentication on the web. Since passwords that are difficult to find by attackers are also difficult for users to remember, users prefer passwords that are easy to remember, which creates a security problem. In addition, it is emphasized that the use of the same password on many different platforms increases the danger even more. It is also recommended that users switch from browser-based password managers to app and extension-based password managers.
Analysis of tampering attacks and attackers using Twitter
Although website tampering attacks are a very common type of attack and are among the web attacks most reported by the media, they receive less attention from researchers. STM ThinkTech’s report aims to provide general information about tampering attacks and attackers by analyzing the behavior of tampering attackers on online social networks such as Twitter and in underground forums, while contributing to the development of solutions to detect tampering attackers and to prevent tampering attacks. As the reason for its focus on the Twitter platform, the report cites a 2018 study showing that tampering attackers are increasingly using LSA.
The report also includes an evaluation of the data obtained through research questions created to examine whether the activities of tampering attackers on Twitter help to understand their behavior.
Source: Anadolu Agency / Abdulkadir Günyol