Facebook, the world’s leading social networking platform, has recently made headlines for all the wrong reasons. The company led by Mark Zuckerberg has found itself in the news due to a troubling trend: it has become a target for cyber criminals hailing from Vietnam, who are utilizing stolen account credentials for various nefarious purposes, including selling them on the black market, identity theft, financial loss, and emotional distress.
While Facebook’s customer support teams are tirelessly working to address these issues, the situation is far from ideal.
So, how are these cyber criminals managing to siphon off account credentials from Facebook, often referred to as FB?
The cyber crooks from Vietnam are employing tactics that involve exploiting weak passwords and pilfering cookies from web browsers.
Cookies, in this context, are small pieces of information that websites store on a user’s browser. This allows websites to remember a user’s purpose for visiting, as well as their login details. Consequently, the user doesn’t need to repeatedly enter their password to access a service. A single password input grants access to various services provided by a single company within the same browser session. For browsers like Firefox, these cookies remain active until the user closes the browser, after which the data stored in the cookies disappears.
Hackers are employing techniques to steal data from these cookies without requiring the user to enter a password or verification code.
Interestingly, the dark web is rife with sites offering information from over 1,000 cookies for a mere $69. In the case of Facebook emails, a collection of 100 account details can be obtained for $30.
These stolen credentials empower hackers to perpetrate scams, frauds, or resell datasets with active information. It’s important to note that threat actors can use stolen Facebook login credentials to access personal information from emails, manipulate payment methods, or pilfer photos and videos stored on Facebook accounts.
In this precarious digital landscape, implementing robust security measures is crucial. This includes employing threat detection solutions, using strong passwords that consist of a combination of alphanumeric characters and a few special characters, and ensuring they are at least 14 characters in length. Enabling multi-factor authentication further enhances account security, making it significantly more challenging for hackers to gain unauthorized access.
Additionally, exercising caution when it comes to clicking on links sent by unknown sources via emails, WhatsApp, or SMS is advisable in order to navigate these cyber threats more safely.