Just Fill as Required, Prevent Personal Data from Being ‘Harvested’
Early April, more than a billion user profiles of Facebook, LinkedIn and Clubhouse users were either sold or shared for free on online hacker forums in less than a week.
By
Satrio Pangarso Wisanggeni
·3 minutes read
JAKARTA, KOMPAS – Incidents of personal data leaks on several online platforms last year have apparently carried over to this year with the recent finding of personal data sharing through the harvesting of public data by way of scraping or crawling.
Early April, more than a billion user profiles of Facebook, LinkedIn and Clubhouse users were either sold or shared for free on online hacker forums in less than a week.
The data included the full names, cellphone numbers, locations, birth dates and email addresses of Facebook users from 106 countries, including 130,331 accounts of Indonesia’s users.
In a publicized statement, also released to a number of media outlets, Facebook says the data scraping was discovered in 2019, which prompted the blockage of harvesting access in August the same year.
Mikko Hypponen, an expert from the Finnish cybersecurity firm F-Secure, told Kompas on Wednesday (14/4/2021) that Facebook\'s data scraping was carried out by making use of the Find Friends feature with a cellphone number.
He said the perpetrator uploaded a large number of cellphone numbers randomly to the feature and then combined the list of Facebook accounts containing those cellphone numbers.
Cybernews.com reported on April 6 that a database of some 500 million LinkedIn users was being sold on an online forum for a minimum price of "four digits" in US dollars. The data contained LinkedIn IDs, full name, email addresses, cellphone numbers, links to LinkedIn profiles and other social media information, as well as users’ business titles.
Two days later, LinkedIn said the incident was not a form of data breach but public data scraping aggregated with the data from other sites.
"This is not a data breach. There was no personal data on LinkedIn users," an official statement by LinkedIn says.
In less than a week, audio-based social media platform Clubhouse became a victim of a similar incident. A database of 1.3 million users were found being shared on an online forum.
Given the cases, cybersecurity observer Teguh Aprianto has suggested that Indonesian netizens restrain from filling out a complete personal profile in their social media accounts. According to him, it is enough to fill in the required fields to register in order to make the data “less informative” should someone crawl for user information.
"When registering on a platform, one should better leave blank the columns that are not urgently required to fill in," Teguh said.
Filling complete information might put one at risk of falling victim to cybercrimes.
"From profiling, doxing, phishing to identity misuse," he said.
On the other hand, the absence of data protection regulations has left Indonesian citizens resigned to a lack of security.
"Home addresses and cellphone numbers might have been leaked everywhere for years. What on Earth can I do?" said Tania Listio, 26, a music teacher from Malang, East Java.