Malicious actors have been using Meta's online social media and social networking service Threads to sell stolen credit card information, The Register reports.
At least 15 public Threads accounts with over 12,000 followers have been leveraged to post exfiltrated personal and financial details, including full names, birthdates, Social Security numbers, home and IP addresses, email addresses and passwords, full and partial credit card digits, CVV security codes, and expiry dates, and PINs and Bank Identification Numbers, according to a report from SpyCloud. Attackers have also included poll options to indicate the functionality of the stolen records. "They're crowdsourcing that the stolen credit card still works, which is kind of crazy. We saw hundreds of reactions, people responding to the polls," said SpyCloud researcher Aurora Johnson, who also noted that the accounts, which have been present for at least a month, were unlikely to be moderated by Meta. On the other hand, Meta emphasized continued action against such malicious accounts. Such a development comes as Telegram committed to bolster its crackdown against illicit usage of the platform following the arrest and indictment of Telegram CEO Pavel Durov.
