Despite a year of continuous data privacy scandals, including 2018’s Facebook–Cambridge Analytica data scandal, the world has witnessed several other misuses of personal data. A year ago, Facebook vowed to empower its users with more “control,” to protect their private data, and has promised to ban dormant apps. Apart from the aforementioned scandal, Facebook recently faced another big scandal. UpGuard Inc., an Australian cybersecurity firm, reported that it found two third-party-developed Facebook app datasets on the public internet. One from a Mexican media company, Cultura Colectiva – exposing 146 GB data, containing 540 million records. The exposed dataset had Facebook IDs, Facebook account names, comments, likes, reactions, and more.  Another dataset belonged to a Facebook-integrated application, “At the Pool.” The game doesn’t have as large data exposure as Cultura Colectiva but, the compromised dataset contained passwords of 22,000 users in plaintext.
Amidst the ongoing controversies over privacy, fake news, and censorship on social media, U.S. adults do not show many changes in their pattern of using various social media platforms. Pew Research Center conducted a survey on U.S. residents, which show that Facebook and YouTube are the two most widely used platforms. Other online platforms include Instagram, Pinterest, LinkedIn, Snapchat, Twitter, WhatsApp, and Reddit.
Cybercriminals are also focusing on data-rich environments, making social media platforms a heaven for them. These online platforms offer a direct source to launch malicious cyberattack campaigns. The perpetrators are using different techniques to target a mass of online users. Reconnaissance, social engineering, and luring through malicious links are a few frequently used attack methodologies. The most used cyberattacks are –
Social malware attacks not only target individual users, but they are capable of compromising multiple computer systems of an organization.
In May 2018, security researchers found that Pakistani military distributed spyware using Facebook messenger. The targeted government officials, medical professionals, and other elite personnel of the Middle East, Afghanistan, and India. 
Phishing attacks target the login credentials and credit card details of a user. These attacks deceive users into sharing their credentials over a genuine-seeming message. In 2017, more than 10,000 Twitter users of the United States Department of Defense (DoD) received malicious spear-phishing messages. An intelligence report confirmed that it was a Russian operation that allowed Russian cybercriminals to gain access to the victim’s device and Twitter account. 
This is another common type of cyberattack used by cybercriminals. When cybercriminals specifically target the login credentials of users, it is known as credential-based attacks or credential theft. To obtain credentials, these malicious hackers try to get hold of hashes, tickets, and datasets. They try phishing methods, malware attacks, brute-force attacks, and sometimes guessing. Once they get through successfully, they can impersonate the victim to fulfill their malicious intent.
These attacks ensure that the perpetrators gain access to unauthorized, confidential data. Apart from this, sometimes, social media platforms accidentally expose sensitive personal details of its users. Russia-based social networking platform, Vk.com is one such example. The details of more than 350 million users were found exposed in a database. 
Social media can be a curse to you if you are not paying attention to your online activities. It is important that you stay aware of how cybercriminals are targeting you and how you can stay protected while enjoying the benefits of social media.