While user privacy is top of everyone’s minds when it comes to Facebook these days, a report from Motherboard this week sheds light on criminal activity on the platform.
Independent security researcher Justin Shafer reached out to the publication with the information and its report cites public posts of users trying to sell social security numbers and other identity data on Facebook.
The public posts also includes some which seek to sell stolen credit card data, and some posts were years old. Motherboard checked the veracity of the data shared in the posts and says it can “confirm the first four digits of the social security numbers, names, addresses, and dates of birth for four people whose data appears in a post from July 2014”.
Finding public posts on Facebook is ridiculously easy for anyone, and you don’t even have to be a Facebook user to view them. The right Google search will throw up public posts, which can also be accessed in Incognito mode without being signed in.
“Most of the posts appeared to be ads made by criminals who were trying to sell personal information. Some of the ads are several years old, and were posted as ‘public’ on Facebook, meaning anyone can see them, not just the author’s friends,” the report said.
What is most alarming here is that some of these posts are many years old, and Facebook’s much-touted content scanning algorithm should have flagged them, if not taken them down automatically. As digital security trainer Matt Mitchell told Motherboard, “On their (Facebook’s) end it’s pure laziness to wait for an abuse report to stop post that are following a doxing template.”
Facebook did not respond to Motherboard beyond saying that they would look into it. Motherboard reports that some posts from the Google search results shared with Facebook were removed.