Think It's Just a Harmless Selfie? Think Again.
Kaspersky reported a major rise in cybercriminals stealing people's selfies and other biometric data, such as fingerprint, face, voice, and iris templates required for registration or identification purposes. Nearly 1 in 3 computers processing this data were found to be targeted by malware. In one such attack, Suprema's Biostar 2 was victim of a hack that resulted in the breach of more than one million users.
Reports of selfies included in data breaches are nothing new. In 2018, Sixgill reported that more than 100,000 documents containing IDs or passports, proof of addresses, and selfies were listed for sale on a dark-web forum for $50,000. Some smaller, more affordable packages were offered by the same seller for only $70. This is alarming because, with a surge in online-only banking, accounts can be opened by uploading scans of an ID, along with a selfie to identify their identity. These make committing identity theft so much easier for a cybercriminal.
Outside of situations where biometric data required for registrations are breached, selfies posted elsewhere online are also at risk of misuse:
- Selfies are often stolen and used by scammers to carry out romance scams.
- Exif data stored on photo files lets others know exactly when, were, and with what type of device the photo was taken.
- Details in the background of the photo can disclose private information. For example, that free calendar you picked up when getting an oil change - if it's in the background, it just disclosed your neighborhood to anyone viewing the photo.
How Can I Protect Myself?
Use an account monitoring service that will let you know when your information has been included in a data breach. This will allow you to take swift action to protect your data and ensure that the breach's effects don't lead to identity theft.
Ask questions. When asked to provide biometric data to register with a website, ask why the information is needed. If determined that it is necessary, ask additional questions to determine if your personal data is being protected to high standards.
Be careful who you share your selfies with. Facebook and other social networking sites provide options to allow only friends to view their photos. You can find this in your account's privacy settings.
