At a glance.
- Stolen Social Blade database surfaces on hacking forum.
- Update on Little Rock School District breach.
- Meta-Phish hooks Facebook users.
Stolen Social Blade database surfaces on hacking forum.
Social Blade, an analytics company that provides customers with earnings and projection statistics for social media platforms such as YouTube and Twitter, has disclosed a data breach after a threat actor offered a stolen database for sale on an underground forum. BleepingComputer reports that Social Blade sent customers a notification stating, “On December 14th we were notified of a potential data breach whereby an individual had acquired exports of our users database and was attempting to sell it on a hacker forum. Samples were posted and we verified that they were indeed real. It appears this individual made use of a vulnerability on our website to gain access to our database.” The compromised data includes client email addresses, hashed passwords, client IDs, tokens for Business API users, and authorization tokens for connected accounts. Heimdal Security Blog notes that because the passwords were hashed, Social Blade is not instituting a site-wide password reset, but users have been advised to reset their credentials anyway. The notice does not say which hashing algorithm was used; how much protection the hashes actually afford depends on whether they were salted and computed with a slow, purpose-built password hash rather than a fast general-purpose one, so the advice to reset is worth following. The authorization tokens for Business users and for connected social media accounts have also been rotated so that the threat actor cannot use them.
Jason Kent, Hacker in Residence at Cequence Security, sees the importance, and the danger, of small flaws:
"Even the smallest of flaws, if they go unnoticed, can compound into a huge problem for an organization. Without knowing the exact nature of the flaw, we can assume it allowed full access to the database, as this is what the attacker had after running the breach. The overall response here was excellent, including resetting passwords and flushing API keys as well as addressing the flaw.
"Had the accounts or API keys been compromised and left valid, the damage could have been much, much worse. Imagine having administrative access at the level of every one of their customers. They could sell social analytics to anyone for any purpose, including reputational and/or brand damage. Moving on to the knock-on effect of this, now the people that possess the database know a good credential set to try on other platforms. Understand who the customers are for contextual phishing campaigns as well as other scams that can be run with such data. If you are/were a customer of Social Blade, be prepared for these kinds of attacks."
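Social Blade's decision to skip a forced reset rests on the passwords being hashed, and Kent's warning is that the export still hands attackers a credential set to try elsewhere. How much the hashing actually helps depends on how it was done, which the notice does not say. The following is an added example, not Social Blade's code; the users, passwords and wordlist are constructed for the demo. It runs the same small dictionary attack against a fast unsalted hash and against a salted scrypt hash: the unsalted export falls to a single pass over the wordlist for all users at once, while per-user salts and a slow KDF force the attacker to recompute every guess for every account. Weak passwords are recovered either way, which is why the reset advice still stands.

```python
import hashlib
import os
import secrets

# Constructed sample users and passwords for this example; nothing here is
# Social Blade data. Two of the three passwords are weak enough to appear in
# a small cracking wordlist.
SAMPLE_USERS = [
    ("alice@example.com", "sunshine1"),
    ("bob@example.com", "Tr0ub4dor&3"),
    ("carol@example.com", "letmein"),
]

# Constructed stand-in for a cracking dictionary (real ones hold millions of entries).
WORDLIST = ["password", "letmein", "123456", "sunshine1", "qwerty"]


def export_unsalted_sha256(users):
    """What a leaked export looks like when passwords are 'hashed' with a fast,
    unsalted general-purpose hash."""
    return [(email, hashlib.sha256(pw.encode()).hexdigest()) for email, pw in users]


def crack_unsalted(export, wordlist):
    """Dictionary attack on unsalted hashes. Each guess is hashed once and then
    matched against every user, so the work is len(wordlist), not
    len(wordlist) * len(users)."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    found = {email: table[digest] for email, digest in export if digest in table}
    return found, len(table)


def scrypt_hash(password, salt):
    """Salted, memory-hard password hash (parameters kept small for a quick demo)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def export_salted_scrypt(users):
    """The same users stored with a per-user random salt and scrypt."""
    out = []
    for email, pw in users:
        salt = os.urandom(16)
        out.append((email, salt, scrypt_hash(pw, salt)))
    return out


def crack_salted(export, wordlist):
    """Same dictionary attack against the salted export. The per-user salt
    defeats the shared lookup table, so every guess is recomputed for every
    user, and each scrypt call is deliberately expensive. Weak passwords still
    fall; the attacker just pays far more per account to find them."""
    found, work = {}, 0
    for email, salt, digest in export:
        for w in wordlist:
            work += 1
            if secrets.compare_digest(scrypt_hash(w, salt), digest):
                found[email] = w
                break
    return found, work


if __name__ == "__main__":
    weak, cost = crack_unsalted(export_unsalted_sha256(SAMPLE_USERS), WORDLIST)
    print(f"unsalted sha256: recovered {weak} with {cost} hash computations")
    weak, cost = crack_salted(export_salted_scrypt(SAMPLE_USERS), WORDLIST)
    print(f"salted scrypt:   recovered {weak} with {cost} scrypt computations")
```

The second figure grows with the number of accounts, and each unit of it costs a full scrypt evaluation rather than a single SHA-256 block; that difference, not the word "hashed", is what buys users time after a leak.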
Update on Little Rock School District breach.
As we previously noted, earlier this month the Little Rock School District, located in the US state of Arkansas, discovered unauthorized activity on its network indicating a data breach. There were few details at the time, but Arkansas Online now reports that the school district has finalized a settlement linked to the cyberattack. Little Rock School Board president Greg Adams posted on the district website: “We cannot share the details of this agreement, but we are in the process of retrieving the data that was taken from our system. Once we have confirmation that this process is complete, we will contact every individual whose data may have been compromised and will provide credit monitoring/identity theft services to these individuals.” Officials have not disclosed any details of the settlement, including whether a ransom was paid. However, a few days after the attack, the Little Rock School Board voted to authorize Superintendent Jermall Wright to enter into a settlement of at least $250,000 to end the cyberattack.
Meta-Phish hooks Facebook users.
Facebook, owned by parent company Meta, is an attractive target for phishing scams, and Trustwave details a new phishing operation that capitalizes on the familiarity of the popular social media platform. Dubbed Meta-Phish, the scam begins with a fake violation email linking to a seemingly legitimate Facebook Page Support profile. However, the link in the profile directs the target to a phishing URL posing as Facebook’s copyright appeal page. There, the victim is lured into handing over personal details like name, email, and phone number, which, along with their client IP and geolocation information, are sent to the phishers.
Tonia Dudley, CISO at Cofense, observes that a successful impersonation of Facebook inevitably offers the prospect of widespread damage:
“With nearly 2.9 billion monthly active users, Facebook has unfortunately been an active target for scammers seeking to exploit accounts and make financial gains for a long time. This recent attack is very similar to a December 2020 phishing campaign that tricked users into giving scammers their account credentials for fear that their accounts would be disabled. In this case, scammers alerted users to a copyright infringement issue and linked them to an external ‘support’ site named after Meta to reduce suspicion.
"As is common in many of today’s phishing attacks, a critical component of this particular attack is its lure design. Threat actors play the fear factor in many phishing campaigns, which causes many users to overlook common indicators of a phishing attempt, including an improper tone or greeting, grammar or spelling errors and inconsistencies in email addresses, links and domain names.
"To prevent future phishing attacks, organizations like Facebook must take the necessary steps to protect inboxes, detect threats, and respond to an attack. Adopting actionable intelligence that gives visibility into the risk factors in your network and immediately and decisively responds to phishing threats will help keep malicious actors at bay and ensure the protection of sensitive data.”
James McQuiggan, security awareness advocate at KnowBe4, points out that fear has a prominent place in the social engineer's toolkit:
“Fear is a standard emotional tool that cybercriminals use to get their victims to click a link or open an attachment. In this case, they fear losing their Facebook account because of a bogus copyright issue. Users want to always not trust and verify emails by using this as a trigger to log into the social media platform for their link. If it were indeed a violation, there would be a notice in their profile. Also, people must rely on something other than the links in an email but check the source and visit the actual website or application. When reviewing this email sent, it says ‘Hi Dear User,’ clearly a grammar mistake and not one from a large US-based organization.”
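The copyright-appeal lure described above trips the indicators both commentators list: a sender domain that only resembles Meta's, a generic "Hi Dear User" greeting, and a link whose visible text names facebook.com while its real destination does not. The following is an added example, not code from the original report or from Trustwave, Cofense or KnowBe4, that scores a message on exactly those three indicators. The sample email, the trusted-domain allow-list and the greeting phrases are assumptions constructed for the demo; the crude two-label domain check is a stand-in for a proper public-suffix lookup.

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of domains a genuine Facebook/Meta notice would come
# from or link to. A real deployment would maintain its own.
TRUSTED_DOMAINS = {"facebook.com", "meta.com", "fb.com", "facebookmail.com"}
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member", "hi dear")

# Constructed message modelled on the copyright-violation lure described above.
# It is not a real capture; the domains are placeholders.
SAMPLE_EMAIL = """\
From: Meta Page Support <support@meta-page-support.example>
To: victim@example.org
Subject: Your page will be disabled: copyright infringement notice
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi Dear User,</p>
<p>Your page was reported for copyright infringement and will be permanently
disabled within 24 hours unless you submit an appeal.</p>
<p><a href="https://facebook.com.copyright-appeal.example/appeal?id=123">
facebook.com/help/copyright-appeal</a></p>
</body></html>
"""


class BodyScanner(HTMLParser):
    """Collects visible text chunks and (href, anchor text) pairs from HTML."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname: a crude eTLD+1 that is enough for the
    sample. Production code should consult a public-suffix list instead."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(raw):
    """Return the lure indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    sender_domain = registered_domain(sender.rpartition("@")[2])
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain not trusted: {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    scanner = BodyScanner()
    scanner.feed(body.get_content() if body else "")

    greeting = next((t.strip() for t in scanner.text if t.strip()), "")
    if any(g in greeting.lower() for g in GENERIC_GREETINGS):
        findings.append(f"generic greeting: {greeting!r}")

    for href, anchor in scanner.links:
        target = registered_domain(urlparse(href).hostname)
        if target not in TRUSTED_DOMAINS:
            findings.append(f"link points outside trusted domains: {target}")
        # Anchor text that looks like a URL but names a different domain than
        # the real destination is the classic "looks like facebook.com" trick.
        if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", anchor, re.I):
            shown = urlparse(anchor if "://" in anchor else "http://" + anchor).hostname
            if registered_domain(shown) != target:
                findings.append(f"link text shows {shown} but does not match destination {target}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

Note that the link host `facebook.com.copyright-appeal.example` starts with `facebook.com`; a naive prefix or substring check would pass it, which is why the check compares the registered domain rather than the raw hostname.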