Social media has become a hotbed for many cybercriminal activities in recent years. Attackers and hackers are attracted to such platforms as they make finding and engaging targets insignificant, are cheap and simple to use, are easy to make fraudulent accounts, and enable the distribution of malicious content at an unprecedented efficiency and scale.
Advanced and big-scale cybercrime on social media platforms has become mainstream, from the Russian operatives using Twitter to spear phish and dispense malware to a Vevo breach attack stemming from a LinkedIn phishing attack.
The worst social media data breaches are getting more frequent and more dangerous. This post collected a list of the worst and damaging social media attacks of all time to show the increasing need for protecting these platforms.
- Vevo hacked through a targeted LinkedIn phishing attack, approximately 3.12TB exfiltrated
The streaming platform Vevo encountered a data breach in 2017 when one of its staff was phished through LinkedIn. Fraudsters obtained and publicly released 3.12TB worth of the firm’s sensitive and confidential data.
The professional social network enables attackers to quickly determine their target at a certain company and send them a bespoke message, all under the auspices of professional recruitment or networking.
- Phishing Twitter direct messages sent to customers from a compromised bank account
In 2011, an Australian bank encountered the worst-case scenario for an account takeover. Criminals didn’t vandalize the account or post seditious messages. As an alternative, they send direct messages to Twitter followers asking them to disclose sensitive financial institutions.
Most account hacks are embarrassing and expensive from a brand and public relations perspective. However, they can also be utilized for big-scale cyber attacks against a brand’s most engaged and loyal followers.
- LinkedIn breached, exposing 117 million accounts
In 2016, the social network itself got breached. The LinkedIn data dump was the seventh biggest in history by a sheer number of compromised items. That data breach that originally happened in 2017 lead to an eventually 117 million exposed email address and password combination. All of these were sold on the dark web for 5 Bitcoin.
- Financial corruptions run widespread on social media
In August 2016, ZeroFOX researchers disclosed the massive underground world of financial misconduct on social media. Scammers always prey on verified banks’ followers with fraudulent financial service offerings like money flipping and card cracking.
The issue’s scale is substantial, with at least a quarter-million posts for a single form of scam on a single social network. The issue was discovered on each major social media network and led to hundreds of yearly losses.
- HAMMERTOSS malware utilizes social media as Command and Control device
In July 2015, the Hammertoss malware searched social media networks for commands posted by attacker profiles. This enables fraudsters to control the malware through social media posts.
Furthermore, the attacker group behind the malware is accountable for the attacks against the White House, the State Department, the Joint Chiefs of Staff, and other nation-state governments like Norway.
The approach to weaponizing social media proves the need to assess and investigate social media as a full lifecycle attack vector.
- Fake social media personal delivers malware to employees through social media
In 2017, attackers made a convincing fake persona—a London-based photographer named Mia Ash connected with corporate staff. The attacker distributed a Remote Access Trojan (RAT) known as PupyRAT through the social media honeypot accounts to take over the controls of victims’ devices. The persona obtained accounts across numerous social media networks.
- Third party app results to hundreds of high-profile account compromises
TwitterCounter, a third-party app, allowed Turkish-language attackers to take over controls of high-profile accounts. They posted destructive messages over the Netherlands after a antagonistic week of failing relations between Turkey and the Netherlands and essential elections in both nations.
The breached accounts included a series of global brands and well-followed verified accounts such as Amnesty International, UNICEF, the European Parliament, Starbucks, the official Bitcoin Blockchain account, and Forbes.
- Twitter spear-phishing outbreak nets word leaders
In July, the Twitter accounts of some of the most influential individuals in the world like Kanye West, Joe Biden, and Barack Obama all posted malicious tweets requesting Bitcoin.
The hack encouraged immediate questions and panic about how numerous high-profile accounts were hijacked. The master turned out to be a 17-year-old guy from Florida who was immediately detained, together with some associates.
The fraudsters scammed Twitter users out of a little over $100,000 but caused a massive scandal.
- Zoom encounters scrutiny after series of attacks
Cybersecurity problems of Zoom are numerous stories rolled into one. In April 2020, half a million Zoom passwords were discovered being sold on the dark web. Hijackers gathered such passwords through credential stuffing and packaged the compromised accounts into a new database.
Hackers utilized advanced bots to get around Zoom’s instinctive force protections, testing filched data until they discovered matches.
- Google+ shuttered over data breach risk
Most were surprised to find that the social media platform Google+ was shuttering as it had started to take off. Google discovered that a bug in the system unveiled more than 500,000 user’s information.
The company was further worried that it had taken them more than two years to see the bug. Google does not think the data breach led to anyone using data to hurt people. However, they decided the risk was too massive. Hence, they shut the entire thing down instead.
- 87 million Facebook data breach
In 2018, Facebook finished its comprehensive investigation into the Cambridge Analytica data breach. It had gone back years when a Cambridge University researcher made a 3rd party personality app.
More than 300,000 Facebook users installed it and volunteered their personality data on both themselves and others, which extend the breach’s reach. The app later supposedly sold the results to Cambridge Analytica, an activist group.
Social media data breaches are not an unlikely event. While these platforms take them seriously and work to safeguard their users, data breaches are unavoidable.