Recently leaked data from 15 million Facebook accounts included names, email addresses, and phone numbers, while a further 14 million accounts had their usernames, date of births, gender, devices used, language settings, and possibly their relationship statuses, religion, hometown, current city, work, education, past 10 location checkins, and past 15 searches leaked. Using this information, spammers would be able to target victims at highly granular levels, even using it to target specific individuals. In one popular email scam, authors try to blackmail victims by convincing them that they have compromising pictures (or something else) of the target, using hidden personal information to make their threats and claims seem more convincing. It can also help attackers create specific spear-fishing attempts that use names and addresses similar to places one has actually visited or companies with whom one has done business. Making social media hacks of this sort even more threatening than other kinds of data breaches is that “the type of data…is not something you can change easily, it’s not like a credit card breach where you can apply for a new card or change accounts…your personal information, your name and what you do, your preferences and all of that tends to remain pretty static over the years, so unfortunately once the data is out there it becomes a threat.”
Source: A Trove of Facebook Data Is a Spammer’s Dream and Your Nightmare | WIRED