Back to Blog

What the Facebook Breach Has to Do with Online Holiday Shopping

Person Deleting Facebook

As the holiday season approaches remember to protect yourself against fraud, which increases during this time of year. Every year, more and more people gravitate towards online shopping, making fraudulent activity harder to identify. Therefore, it’s important to pay more attention to your online practices and how they could potentially make you a victim.

According to Adobe Digital Insights, which tracks 80% of online spending for the largest of the top 100 U.S. retail websites, 2017 set multiple records for the holiday shopping season. Here are a few of the highlights:

  • 108.15 billion dollars was processed online in November and December combined.
  • 5 billion dollars was spent in 24 hours on Black Friday.
  • There was a 16.9% increase in online spending on Black Friday (compared to 2016).
  • More than 1 billion dollars were processed online, daily for 22 days straight in November.
  • Cyber Monday was the largest online shopping day in the history of the United States with 6.59 billion dollars in online sales.
  • Shopping with mobile devices increased by 16.8% over 2016.
    • 42% of Thanksgiving online shoppers made purchases with a mobile device.
    • 50% of Christmas online shoppers made purchases with a mobile device.
    • Cyber Monday sales with mobile devices exceeded 2 billion dollars for the first time.

Predictions for the 2018 holiday online shopping season indicate that the numbers are going to continue to grow, with E-commerce reaching into the neighborhood of $124.1 billion.


Edge Security

Protect Your Identity with Edge Pay

Monitor your credit and secure your finances with our modern debit card.

Learn more


How the Facebook breach could be a doorway to your online accounts

Fraudsters continue to find new ways to steal your personal data and leverage that data for their personal gain. In September 2018, Facebook acknowledged that more than 30 million Facebook authentication tokens had been stolen in a security breach. These tokens were stolen when the “view as” feature, which allows the Facebook profile to be viewed as other users might see it, was exploited. The code behind this feature was weak enough to allow hackers an opening to steal the authentication tokens for those Facebook accounts.

Today, many websites will allow you to sign into their site using your Facebook credentials instead of your password. This has become so common that many people default to this method because it simplifies the sign-in process. However, independent researchers are concerned that the stolen tokens may be a “back door” into the thousands of websites and third-party apps that will allow a person to use their Facebook credentials for verification. If you have an account at a website or third-party app that uses the same email address as your Facebook account, and there is the option to sign in using Facebook, the password that you established may be bypassed by using the stolen token. Once the fraudsters have gained access through this path, they have the same authority as the real account owner (you). The proverbial door is open for exploitation.

It’s important to note that 51.7% of Facebook users now access the platform exclusively with a mobile device, and over 95% of all users will use a mobile device to access Facebook on occasion. The reason for mentioning this is, that the ease with which we are able to access the internet with our mobile devices makes it easy to forget that we are still using a computer that opens us up to all of the dangers that exist on the internet.


How can you protect yourself against holiday fraud?

In this day and age of cell phones being used for so much more than just making calls and tablets for much more than just reading, we need to admit that life is more complicated with each connection point. One way to help protect your online identity is to use one email address for your social accounts and a different email for your shopping and financial identities. This way, if a compromise is found in one platform, it should make it harder to leverage that compromise to exploit your other online identities. You may also want to delete card information you have stored on E-commerce sites that you frequent. Doing so might make it less convenient to shop on those sites, but much safer if a fraudster gains access.


Your Credit Card Can Earn You Money

It’s true. Find out how you can profit from your spending.

Download the eBook

About Risk Management Department

Our vision is to empower possibilities for greater prosperity for Vermonters. Part of fulfilling that vision is protecting our members’ accounts against unauthorized access. The security of your personal information is a top priority for VSECU. Are you afraid that your financial information at VSECU has been compromised? Please contact us immediately at 1-800-371-5162. We can help with the process of securing your accounts and may even be able to help mitigate your loss.

Reading on Phone

Stay informed

Stay up to date on financial tips, tricks, and tools that will build your financial literacy and help you live a more prosperous life.

Subscribe now!