Hackers have compromised and published private messages from at least 81,000 Facebook accounts and are selling them online in exchange for money (10 cents per account), reports the BBC Russian Service.
- In September, a user called FBSaler appeared on an (unnamed) website stating that they sell personal information of Facebook users, and that their database included 120 million accounts.
- The BBC enlisted cybersecurity firm Digital Show, which examined the messages and confirmed the veracity of the claim. It found that more than 81,000 of the profiles posted as samples did, in fact, contain private messages.
- Hackers told the BBC Russian Service that the stolen information was not related to the accounts compromised in Cambridge Analytica or another breach which took place in September wherein 30 million accounts were compromised.
- The hackers also told the BBC that they were not associated with the Internet Research Agency, a group of hackers previously linked to the Kremlin and largely responsible for meddling in the 2016 Presidential Elections via Facebook.
- Many of the compromised accounts originated in Russia and Ukraine, but some also came from users in the US, UK and Brazil, among others.
Third-party browser extensions behind the hack
Facebook said that the leak was not its fault, as a third-party browser extension was likely the culprit. Facebook said that this extension monitored users’ activity on the platform and sent personal information and messages back to the hackers. Facebook has contacted the browser maker to pull down the malicious browser extension and to share information that would help identify similar harmful extensions. It has also contacted law enforcement to work with local authorities and take down the websites displaying such information.
30 million accounts were hacked in September
In September, almost 30 million Facebook users’ phone numbers and email addresses were hacked; additionally, details of another 14 million users including their address, status, religion and search history were also accessed by hackers. Facebook had initially announced that 50 million accounts were hacked, and later said fewer people were impacted.
Last month, Facebook sought more time to respond when the Indian government asked it to quantify the impact of the (latest) breach on Indian users of Facebook. The company said it needed more time to evaluate the impact on Indian users.
Recently, the EU’s Information Commissioner (ICO) slapped Facebook with a fine of £500,000 for the Cambridge Analytica scandal, in which Facebook allowed a third-party developer to access user data and users’ friends’ data without consent.