+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Security Researchers Raise Alarm About Credit Cards On Facebook

Jan 30, 2013, 19:55 IST

Flickr / B RosenHackers recently proved that it's possible to use Facebook as an accessory to large-scale credit-card theft.

Advertisement

The social network itself is not vulnerable—but it could help hackers find users who are good targets for credit-card fraud.

A botnet called PokerAgent infected 800 computers and stole the login details of more than 16,000 Facebook users, IT security firm ESET reports.

The threat was mostly present in Israel, but now seems to be inactive. ESET first discovered the botnet about a year ago.

PokerAgent was designed to find users who have credit cards and use them online, making them good targets for later attacks.

Advertisement

The bot was programmed to log into users Facebook accounts, and collect Zynga Poker statistics and the number of payment methods saved in the Facebook account.

The infected computers would receive a command to log in to a user's Facebook account. It would then lure that user's friends to a phishing site to collect their login credentials, as well.

ESET researchers showed a screenshot of Facebook's payment settings page. They then asserted that Facebook users should be nervous about their credit card numbers being exposed. But they did not demonstrate how hackers would access users' credit cards, since Facebook stores those on a separate system and does not expose the full number to users.

How the bot did put them at risk: By ascertaining via Facebook that they have used credit cards online, hackers could later target other attacks, using email phishing or other techniques outside of Facebook, to get at their cards.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article