SOCIAL MEDIA

A Brief Story About Today’s Online Social Media Platforms

Individual Report ( Roll No : 53 MIS No : 19121061)

My Report Subtopic : Data Leak & Spam

DATALEAKS OR DATABREACH
We always listen and watch news about data breach and data leaks on
newspaper or television or in mobile applications. But did you know what actually
data breach or data leak is ? Well, we discuss this here,
When we want to connect to the internet, we came across many of security
issues and data breach is one of them. Before moving on next let's first understand
what is data leak and what is data breach. Although, data breach and data leak are
nearly same and it causes same destruction; they are somehow different terms which
it is due to their different originating reasons.

SOCIAL MEDIA
In data leak an attacker has stumbled onto a certain vulnerability
which he was not looking for from the get go and that result in data being
exposed or leaked or it could even be and insider of the company who by an
accident make that's same finding and that results in data being leaked or
exposed to the people who are not authorized to see it.

Data breach is very targeted and forceful attack on a company or on a

website or on an organization with the intention of stealing data. Data breach
is the most dangerous incident in cybercrime where cyber criminals take
access to the importance and sensitive information of a user, company or an
organization without any authorization of their system.

Every year lakhs of people are affected due to such data breaches
because every user's business data is always transmitting on internet , even big
company's confidential data also stored in server or connected to the local
internet and so there is always a chance to have a cyber-attack on such server
or local network.

1
 Generally, the main target of cyber criminals is corporate or
government agencies because his agencies have wide list of user's personal
data. This data includes their identity, information about their credit or debit
cards, passwords and much more. Such data is important and useful for the
hackers because such stolen information can sale in market or on the dark
web and hence they got a huge amount of profit. Most of the data breaches
happens due to the malware, weakness of password, bugs in application and
due to lost devices.

Most companies or services which we used to on regular basis also

hacked or attacked by cybercriminal and make an example for the data
leaks and breach.

Just take an example of Facebook. In 2019, 419 million user's phone

SOCIAL MEDIA

numbers, names and in some cases locations were stored on a number of

unsecured databases.

Also, Yahoo attack was unforgettable which really put the severity of
data leaks to cyber security forefront the company suffered a number of
breaches spanning from 2012 to 2016, and even one in 2013 which affected a
catastrophic 3 billion users, so taken into consideration the volume of
credentials and number of instances it is quite possible that our account or any
of our friend's account may breached at Yahoo.

If your credentials are comprised it means had actors can steal your
personal data from the companies that have it, can be bought on the dark net
marketplaces or even found in companies’ databases that are not properly
secured; the possibilities are pretty much endless for cybercriminal and that's
why you must take if any of your online account have been breached or not ?

You can surely check whether your account is breach or not on this
website : https://haveibeenpwned.com
2
 SOCIAL MEDIA
2. Enter your suspicious email id,
and click on “pwned?”
1. Visit the website :
If your account is not breached or
https://haveibeenpwned.com
leaked yet then you will get good news

3
If your account is breached , then
pwned message came
 Company Company’ Data No. of User’s Breached Type Other
s Work Breached Users of Data Information
Time exposed About Data
Breach

Indian E- August 38  Emails Reason is

Commerce 2021 million  Name unclear for this
Company  Phone Numbers breach, there
 Physical Address are arguments
that say India
Mart did this
intentionally
India Mart
SOCIAL MEDIA

Social April 2021 500  Email This data was

Media & million  Genders freely
Messaging  location available to
Application  Name download on
 Relationship dark web
Status marketplace
 Employer
Facebook

Online April 2021 22.5  Emails This 13 TB

Pizza million  Name breached data
Delivery  Purchase appeared for
Platform  Phone Numbers sale on a
 Physical Address hacking forum

Domino’s India

4
 Online October 20  Emails This data
Grocery 2020 million  DOB stored in the
Platform  IP Address form of
 Name Django(SHA-
 Passwords 1) hashes
 Phone Numbers
 Physical Address
BigBasket

Math January 25  Device This breached

Solving 2020 million Information data
Website  Email subsequently
 Social Media sold on dark
Profiles web
 Name marketplace
 Passwords

SOCIAL MEDIA
Math way

Audi Motor August 2.7  Vehicle Audi get

Site 2019 million Information severely
 Email affected due to
 VIN this breach in
Audi  Personal data after a
Information’s vender left
 Driver’s License data unsecured
 Security Numbers and exposed
 Social Media on the internet.
Profiles

Online January 17  Auth Token This breached

Travel 2019 million  Device data appeared
Company Information on dark web
 Email for sale
Ixigo  Genders
 Salutations
 Social Media
Profiles
5
 Name
 Passwords
 Phone Numbers
 Indian May 2015 4.3  Emails This breached
Motoring million  Genders data is stored
Website  IP Address in form of
 Name plain text and
Gaadi  Passwords as MD5 hashes
 Phone Numbers
 Geographic
Locations

Spam, it may be defined as spreading same message repeatedly about

the one topic on various sites and services like email, Facebook, Instagram
and much more.
SOCIAL MEDIA

For an example, repeatedly getting same video on WhatsApp.

Generally in the whole world most spamming occurs in email services. In fact,
you will notice spam folder in your corresponding email account. After the
email services the next place where most spamming occurs are the social
media websites like Facebook, Instagram, Snapchat, WhatsApp, telegram etc.

Here are some spam deals or messages which are viral or getting on
WhatsApp, Facebook and Instagram :

6
 In some cases, you get a message where they say that if you want to open this
or if you want to take advantage of this scheme, you must share this message to 10
people or the group of the people and most of us in the greed share such messages
which give birth to the spamming. Actually no one else but we own spreading
spamming and are responsible for spreading spamming.

There are many reasons for execution of spamming the top two reasons are;
 Advertisement
 Personal Gain

1. Advertisement

SOCIAL MEDIA
Many of the small business or services took spamming as publicity
option or they use to advertise their services or their good. The aim of their
spamming is not to harm anyone but advertising their services so that to
increase their customers or the users and for the use spamming as an
advertisement tool.

Many of the website owners want to increase their number of viewers

or view hit, such people put or paste their websites URL to the various
random places like in comment section of Facebook, Instagram, Snapchat or
sometimes in YouTube too. They even spread their URL into WhatsApp for
telegram and any other messaging services with some greedy any spam
message, so many people get catch into their trap and as a result their view
hits get increased.

2. Personal Gain

Many times, from the spam message you get discount offers or the
limited time offers and there are links to explore such offers. But if you click
on such links and reach a specific website then there are 2 high probability
7
chances.

 Chance 1 :
 Website it is genuine and the motive of the spam message is
advertisement and to get viewers for that website. So, in this case there is
no harm to your side.

 Chance 2 :

In second case website look like a genuine website. That mean the
website is not secure and you click on phishing link which reached to
you by the spam message.

Most of the phishing links are intended to bring you to web pages that
just work. That happens to look like something they are not.

For example, after clicking on a link of discount offer, website open

and you may notice a brand-new phone is getting offer at a low price and
you click for buy. It may take you to a page that look like PayPal or any
SOCIAL MEDIA

other merchant transaction login page. But if you don't notice that the
website is not really PayPal and you try to get sign in the chances are you
get 'sign in failed' message. Because it was not really PayPal; they did not
want to use your credential that you just provided them to log into PayPal.
They want to collect your credentials back to you just typed in. Now you
might be screwed.

If you get to a situation where you suddenly realize you have clicked on a
phishing link and you have tried to login to a site that would not let you in.
Immediately close that site and follow given instructions:
1. Go to that site in other way. In other words, in PayPal case go to the
original site that means paypal.com and immediately try to login by
yourself.

2. Make sure that all of your security is up to date.

3. Make sure you have got a recovery information correct.

8
4. And really consider adding two factor authentication.
5. There is very strong argument that says even if everything looked ok,
even if you managed to signed in correctly with your old password;
change the password anyway.

It is possible that the hacker just has not gotten their it and have your
login information but they have not gotten around to changing your
password. So, invalidate information they have.

6. Change your password to something strong and unique as you should.

That way, the information that you handed over to the hacker is no
longer valid and is no longer something they can use to compromise your
account.

SOCIAL MEDIA
Now the other scenario when it comes to phishing is really less about
a phishing and more about the malware.

If you click on a link and you suddenly get a download, especially

when you did not expect any download of any sort. Stop the download. It is
very possible that what you received is a phishing and it is trying to installing
a malware by downloading it.

So, always check the links before click and if you accidentally
clicked the link, then don't it do a login or sign in if the site is not genuine.
Always check to the URL of site. And run a anti malware scan.