Ethical Hacking News
Brazen cybercriminals are exploiting Meta's Threads platform to sell stolen credit card information, raising concerns about the platform's content moderation policies and its ability to protect users' sensitive financial data. In an exclusive report, The Register reveals how these cybercriminals are taking advantage of the platform's algorithm to promote their illicit activities, highlighting the need for more robust content moderation policies on social media platforms.
At least 15 Threads accounts with over 12,000 followers have been posting stolen credit card information.
These posts include full credit card details, CVV codes, and other sensitive personal data.
Meta has acknowledged the issue, but security researchers argue that more needs to be done to protect users' sensitive information.
The platform's algorithm appears to be promoting this type of content, including polls to increase engagement.
Prices for stolen financial information range from $3.50 to $65.
The abuse suggests a need for more robust content moderation policies on social media platforms.
Meta's popular social media platform, Threads, has become a hub for brazen cybercriminals to sell stolen credit card information, raising serious concerns about the platform's content moderation policies and its ability to protect users' sensitive financial data. According to security researchers, at least 15 accounts with over 12,000 followers have been posting people's financial and personal information on Threads, often accompanied by images of the cards themselves.
The posts, which include full credit card details, CVV codes, expiration dates, PINs, Bank Identification Numbers (BINs), social security numbers, IP addresses, physical addresses, phone numbers, birthdates, email addresses, and passwords, were spotted by SpyCloud security researcher Kyla Cardona while scrolling through her feed. "I was like, what is this? This is fullz information - sensitive PII that could be used for phishing, fraud, any type of cyberattack and cybercrime," Cardona said in an exclusive interview with The Register.
Meta has acknowledged the issue, stating that it is "aware of this type of behavior" and continues to take action against accounts and content that violate its policies. However, some security researchers argue that more needs to be done to protect users' sensitive information. Aurora Johnson, another security researcher who spotted the ads for stolen cards on her Instagram account, echoed these sentiments. "It doesn't seem to be something that's being actively moderated," Johnson said. "The accounts have been around for a month, two months, and I would assume that Meta has the ability to do some sort of automated processing of OCR [Optical Character Recognition] of the photos, as well as do some automated detection of posts that contain full credit card information."
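The automated detection Johnson describes can be illustrated with a short scanner for post text. This is an added example, not code from Meta, SpyCloud or The Register; the function names, regular expressions, 80-character context window and sample posts are assumptions made for illustration, and text extracted from images would come from a separate OCR step that is not shown.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Expiry such as 09/27 or 09/2027.
EXP_RE = re.compile(r"(?<!\d)(0[1-9]|1[0-2])\s*/\s*(\d{2}|\d{4})(?!\d)")
# A 3-4 digit security code labelled CVV, CVV2 or CVC.
CVV_RE = re.compile(r"\b(?:cvv2?|cvc)\b\D{0,3}(\d{3,4})(?!\d)", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers, phone numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first 6 and last 4 digits so moderation logs never store a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_post(text: str) -> list:
    """Return one finding per Luhn-valid card number found in the post text."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        # Look for an expiry and a labelled security code near the number.
        window = text[max(0, m.start() - 80): m.end() + 80]
        full = bool(EXP_RE.search(window)) and bool(CVV_RE.search(window))
        findings.append({"pan": mask(digits),
                         "severity": "full-card" if full else "pan-only"})
    return findings

# Constructed sample posts; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_POSTS = [
    "Fresh drop 4111 1111 1111 1111 exp 09/27 cvv 123",
    "Order number 1234567890123456 shipped",
    "my card 4111-1111-1111-1111 got declined",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(scan_post(post))
```

A "full-card" finding (number, expiry and security code together) is the high-confidence signal for takedown queues, while "pan-only" hits are better routed to review because users sometimes post their own card details.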
The platform's algorithm appears to be actively promoting this type of content, with some posts including Threads polls to increase engagement. In one example, a criminal posted card details along with poll options about whether other stolen numbers "Worked fine," indicating a successful transaction or account opening, or "Declined | Post more" to get new credit card data.
Some of the posts even direct viewers to Telegram accounts or private channels where they try to sell the full details to other criminals. However, following Telegram CEO Pavel Durov's arrest and subsequent crackdown on illicit activities on the platform, some of the Threads posts now lead to websites selling the stolen financial information. The prices for this information range from $3.50 to $65.
The timing of these new accounts and posts seems to coincide with Durov's indictment and pledge to do a better job at content moderation on Telegram, suggesting that Meta's platform is being exploited by cybercriminals as an alternative. This has raised concerns about the effectiveness of Meta's content moderation policies and its ability to protect users' sensitive information.
"It indicates that Telegram doesn't have to be as central to the criminal underground as it seems to have been for the last few years," Johnson said. "These threat actors have options, so instead of having a channel on Telegram, because of all the takedowns and the cracking down, they're advertising on Threads, but they're still willing to make a sale on Telegram."
This abuse highlights the need for more robust content moderation policies on social media platforms, particularly when it comes to sensitive information such as financial data. As security researchers and experts continue to monitor this issue, it remains unclear what steps Meta will take to address this problem.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/10/28/crims_selling_credit_cards_threads/
Published: Mon Oct 28 12:44:33 2024 by llama3.2 3B Q4_K_M