Social Commerce Website Trustanduse Exposed Half A Million Users

  • Written by Ari Denial Cybersecurity & Tech Writer

Data belonging to around 439,000 users, including many businesses, was exposed due to security loopholes on the social media marketplace trustanduse.com.

The 855GB Trustanduse database was unintentionally leaked on June 21 and kept exposing users’ personal and professional information for at least six months. Around 439,000 users’ sensitive data was leaked, including usernames, full names, encrypted hashed passwords, phone numbers, and Facebook IDs.

Trustanduse.com is a consumer review platform based in Athens and was founded in 2016. Consumers use this platform to rate products, services, businesses, and stores. The website was also renowned for providing offers and discounts on products.

The researchers state that “Credential stuffing attacks, when perpetrators use stolen account credentials to gain unauthorized access to user accounts on other systems, are unlikely. However, threat actors could use the data for spam and spear-phishing campaigns, most often in the form of con emails that try to dupe the victim into parting with money or further valuable information.”

The data held within the database indicated that Trustanduse had an ongoing association with a Greek supermarket chain, Galaxias. They shared their supplier information, such as receipts, discounts, and special access to their website for the supermarket employees. As there was no effective authorization in place, experts were able to analyze the Application Programming Interface (API) and sandbox settings seemingly developed by trustanduse.com, although this is not specified on their website.

“The trustanduse.com site might not operate anymore, at least judging from the fact that it appears to have fallen silent on social media channels. However, the discovered database was actively updated, so the data could still be used for future projects, sold to third parties, or exploited by threat actors,” researchers said.

Cybernews researchers suggest everyone who has an account with Trustanduse take precautions such as:

  • Changing usernames and passwords
  • Inspecting any new emails to prevent phishing attacks
  • Sharing as little personal information as possible on Facebook
  • Ignoring text messages and phone calls from unknown numbers

Hackers Are Targeting Facebook Users Using Copy Infringement Scam

  • Written by Ari Denial Cybersecurity & Tech Writer

Hackers are emailing fake copyright infringement notices to Facebook users to obtain their Facebook account credentials.

“This email says that a Facebook account has been suspended. The reason given is that a photo uploaded to the account’s page has violated Facebook’s copyright infringement policy,” said Avanan, a cloud and email security company.

The link in the email leads to a credential-harvesting site, not a page controlled by Meta Platforms Inc. Potential victims have 24 hours to file an appeal using the link or their Facebook accounts will be suspended permanently.

“The best phishing emails are believable and play on urgency. Though this email has a sender address that clearly does not come from Facebook, it’s otherwise fairly believable,” said Jeremy Fuchs, a cybersecurity analyst at Avanan.

“That’s where the hackers try to get you. And they are having success, as evidenced by the waves of these emails we’re seeing. When we see a number of similar attacks spoofing the same brand, we know that the hackers are getting people to bite,” said the researchers.

The researchers are unsure of how successful the emails have been, but it’s evident that the hackers have had some sort of success. Hackers keep sending phishing emails only when their campaign proves to be working, and they’re sending this copyright infringement email at an explosive rate.

The cybersecurity researchers suggested that users hover over any link before clicking on it to see whether it leads to a reliable source. They also suggested double-checking the sender’s address to confirm that the email came from an official address. Accessing your Facebook account directly instead of clicking on any third-party links is also a great practice that prevents credential harvesting.