Shutterstock
The Facebook hack just got a lot worse – private messages have been published from at least 81,000 user accounts by hackers who are putting them up for sale.
The hackers contacted the BBC Russian service, claiming they were in possession of the details to 120 million accounts, and are offering to sell access to them as low as 10 cents per account. However, the BBC said there are reasons to be skeptical about believing that number of accounts had been hacked.
The advertisement offering to sell account access first appeared in September, on an English-language Internet forum, posted by an individual with the username FBSaler who wrote: “We sell personal information of Facebook users. Our database includes 120 million accounts.” The advertisement has since been taken off-line.
The BBC enlisted cyber-security company Digital Shadows to examine the claim. The security outfit confirmed that more than 81,000 profiles, that had been posted online as a sample, indeed contained private messages.
According to the BBC, the majority of compromised accounts occurred in Ukraine and Russia. However, some accounts from the US, UK, Brazil and other territories were also affected.
In its defense, Facebook said its security had not been compromised and that the data obtained by the hackers was done so through malicious browser extensions.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen said, adding that the social media company has “contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
Browser extensions are third-party add-ons that give more functionality to the various web browsers, such as Chrome, Firefox, Opera and Safari.
Facebook claims to have identified a browser extension that covertly monitored the activity of users while they were active on the social media network, stealthily feeding personal details and private conversations back to the hackers.
However, Facebook has not named the extension or extensions at fault, and has denied any lack of security within its own platform.
If this is the case, the developers of the browsers themselves might share in the culpability for failing to vet the extensions, assuming they were distributed via their own marketplaces.
