Over 1 Billion Facebook and LinkedIn Records Leaked on the Dark Web
In April of 2021, a total of 1 billion Facebook and LinkedIn records were exposed on the Dark Web, available for free to cyberthieves. The 533 million Facebook user records and 500 million LinkedIn user records includes the Personally Identifiable Information (PII) of individuals all over the world, putting their social media accounts and identity at risk for new account fraud, scams, and identity theft including account takeover fraud.
Social Media Leaks Pose a Threat to Your Workforce
Two in 10 social media users have fallen victim of a security-related incident and these new social media data leaks raise security concerns for employees and businesses. Similar to a Business Email Compromise (BEC), employees may be targeted by imposter scams through these social networks. Your employee’s compromised social media account may be used in social engineering schemes against your clients, vendors, or other employees. If your organization has a Facebook or LinkedIn business profile, consider the ways scammers may use the information exposed in these data leaks to target your employees and your organization.
Employees Who Manage Business Social Media Accounts
Your business is often subject to online scrutiny, and the last thing you need is a hacker compromising the integrity of your product or service. If you or other employees in your company are responsible for managing your company’s presence on social media, this exposure of social and personal information can be used maliciously in an account takeover attack.
Business social media accounts must be accessed through an employee’s individual account. The Facebook and LinkedIn exposed databases include PII that can be used to access personal accounts, leaving hackers with a means of entry into your business social account. If a malicious actor were to begin posting on your organization, it could be detrimental to your company’s reputation and result in business or loss of customer trust.
Your Employees Can Be Targeted in Imposter Scams
At least 72% of Americans use at least one social media platform, meaning not only are your customers online, so are your employees. With access to employee’s social account using exposed data, cybercriminals can impersonate your employees and commit targeted imposter scams to collect sensitive business information. Imposter scams are hard to detect, especially if it is coming from someone within your organization. A phishing or vishing request can open your business up to a data breach.
Tips for Protecting Your Employees and Your Business
- Train your staff to detect and report suspicious emails, texts, and social messages. CEO fraud and phishing scams can be easily spotted if you know what to look for. Teach your employees on how to identify suspicious messaging and not to click on any of the links.
- Require two-factor authentication on company and other high-risk accounts. 2FA helps protect online accounts from unauthorized access.
- Set up account alerts. Notifications sent via text or other methods reduce risk and are correlated with lower average fraud losses.
- Remind employees to update all account passwords, especially if they are connected to a business’ social page. Challenge employees to change passwords frequently (every few weeks if possible, or at least monthly) and instruct them to utilize a password manager.
- Protect employee’s mobile devices. Reduce risks of future identity incidents by monitoring mobile devices for malware, spyware, and other exploitable weaknesses. Look for an identity theft protection service with mobile threat detection built into its app.
Protect Your Employees Today
Data breaches and malicious use of personal and business information will never stop. Make sure that your entire staff is protected by rolling out the industry’s best identity theft protection as a non-taxable employee benefit.
Experience our suite of protection services for yourself with a Free Business Trial.