Once more unto the breach, dear friends, once more.
Facebook recently announced that a previously unnoticed vulnerability in their site code has led to a hack of nearly 30 million accounts. Hackers were able to steal users’ access tokens, allowing them to stay logged onto the platform for months at a time. Hackers had access to sets of information including: name and contact details (phone number, email, or both, depending on what people had on their profiles), username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. This massive hack is yet another reminder of the fact that the private and sensitive data we share online, might not always remain that way.
Data breaches in recent months are arming online fraudsters with a wealth of information, and incidents like this one not only compromise the privacy of the account holders, but they also pose a serious threat to online merchants.
How Could This Affect Online Merchants?
While Facebook claims the leaked data did not include financial information such as credit card numbers, it did include large amounts of identifying information, including emails, addresses and phone numbers. This information is invaluable to internet fraudsters as it is often required for verification in the process of online purchases. In many cases, fraudsters manage to get a hold of their victim’s financials but lack enough identifying information to make their purchases look credible. Fraudsters now equipped with leaked Facebook data are able to build a very credible profile of their victim and have their purchases sneak under the merchant’s radar.
Moreover, some fraudsters use this information to take over a person’s identity without even having access to their financials. In these cases, fraudsters supply stolen personal information with unrelated financials. The credible buyer profile will often mislead internet merchants into accepting such fraudulent transactions. While in these types of cases the true identity holder doesn’t suffer financially, the online merchant still carries the liability.
Facebook’s security breach follows a series of other recent major breaches, including those at Equifax, Uber, Google+ and Under Armour, plus a breach that exposed huge amounts of voter data. The scale and high profile of these targeted companies indicate that such incidents will occur more frequently in the future. Additionally, Forter data shows that they correlate with an increase in reputation or identity takeovers, raising the stakes of online commerce altogether.
Our Response
In response to these developments, Forter has heavily invested in countering reputation takeovers. Our fraud solution includes a combination of machine learning and expert research, that work together to detect any use of stolen identity. This proven mechanism relies on our ever-growing network effect, which assures that every decision is based on all the relevant buyer’s past information and behavior. Our team of fraud experts also devotes time to researching and better understanding the mechanisms and signs of ATO in order to ensure that we can stop abusers before they wreak havoc on customer accounts. While the collaboration of hackers and fraudsters in Dark Web circles make the internet a more dangerous place for both customers and merchants, Forter’s technology and deep understanding of the nuances of online fraud threats allows us to mitigate the risks and continue pushing for a fraud-free future.