There's no need to go to underground forums and criminal marketplaces to trade crimeware tools and buy/sell stolen information when it's all on social media, such as Facebook.
In a bizarre series of events, Facebook decided to ask some users to provide the passwords to their email accounts when signing up for new Facebook accounts. When asked, the company agreed to stop.
Attackers exploited vulnerabilities in Facebook's code to gain access to at least 50 million Facebook user accounts. Those accounts could have been used for information gathering campaigns, as attackers had full access to the user's profile, friends list, and usage history.
Facebook is expanding its bug bounty program to third-party apps and websites that might expose user tokens improperly.
The two dominant social media platforms are changing the way they verify users in an effort to fight foreign influence operations.