3 Major Predictions from the Facebook Data Breach


#1

Hey guys, what's up?
Exactly 17 days ago, I wrote about the Facebook data breach and what users should keep in mind to keep their accounts safe.

On Friday, October 12, Facebook provided an update to the situation.
See below

Facebook acknowledged that the following information was accessed by the hackers:

  • Email
  • Phone Number
  • Date of Birth
  • Current/Previous Location
  • Device type
  • Education
  • Work

And others like gender, religion, liked pages, etc. It claims the hackers didn’t get hold of users’ passwords and credit card details.

While the information accessed may look harmless, I personally believe it would form the basis for widespread attacks in early and mid-2019 once this information starts trading on the dark web, if it isn't already.

Here are my top 3 predictions:

  1. Sniper: A new and silent, killer Ransomware
    This corporate/industry nightmare will hit again following the Facebook attack. Unsuspecting users will get emails similar to those they've always received, but with ransomware packages. “Sniper” will be planned not to become as widespread as WannaCry, to evade security analysis tools. A long time will pass before it is detected.
    At the very minimum, this is a $300m ransomware.

  2. Physical attacks and kidnapping: the rise of a new “Phinternet” ring
    Dementia is slowly creeping into every facet of the world, and in the industry it takes the form of Hacktivism. With the information these hackers have stolen from Facebook (religion, location, phone number, …) I see a new ring arising that will make use of it to launch targeted, physical attacks on unsuspecting people. Call these guys “Ghost.”

  3. Major, Major Identity Theft
    When people are mapped out and become predictable, identity theft becomes inevitable, and with the slew of PII (personally identifiable information) from this data breach, we should all get set to witness people arriving 30 minutes before their planned arrival, or receiving money through “alternative accounts.”
    (Both cases, identity theft)

In all these, individuals and corporates need to be made aware and trained (beyond the usual) beforehand.
These predictions would either not see the light of day, or at least 80% of them will come true, with the entire precision of timing, figures and attack vector.

Extra: Credit Card Theft to follow. Lazy password culture on Facebook to be the vector