Connect with us

Technology

Hackers stole the private messages of over 81,000 Facebook accounts

Published

on


colorful mathematical stained glass shadowREUTERS/Hannibal Hanschke

  • Hackers stole the private messages of more than 81,000
    Facebook accounts, and sold them for 10 cents per account,
    the
    BBC reports
    .
  • Facebook says there’s been no breach in its security,
    and that the data was obtained using a dodgy web
    extension.
  • The BBC reports that many of the users whose details
    were stolen are based in Russia and the Ukraine.

Hackers stole the private Facebook messages of over 81,000
accounts, a BBC
investigation
has revealed.

The hackers posted ads, one of which was spotted by the BBC on an
English language web forum, offering to sell access to people’s
accounts for 10 cents each.

The BBC discovered the ad in September, which claimed: “We sell
personal information of Facebook users. Our database includes 120
million accounts.” Cybersecurity firm Digital Shadows
investigated the claim, and found that more than 81,000 accounts
put online as a sample contained private messages.

Digital Shadows also confirmed that personal information such as
phone numbers and email addresses from another 176,000 accounts
was published, but that it may have been scraped because the
accounts in question had not hidden it.

The BBC said there was reason to believe the 120 million claim
was exaggerated.

Many of the users affected are reportedly based in the Ukraine
and Russia, although there were users affected in many other
countries including the US, the UK and Brazil. One of the
websites where the hackers posted the data was ascertained to
have been set up in St Petersburg.

The BBC Russian service contacted five Russian users affected by
the hack, and confirmed the messages were theirs. The messages
included holiday pictures, complaints about a son-in-law, and an
“intimate” conversation between two lovers.

Not a Facebook breach

Facebook said the messages were not obtained through a breach in
its security, but rather a dodgy browser extension.

“Based on our investigation so far, we believe this information
was obtained through malicious browser extensions installed off
of Facebook,” said Facebook executive Guy Rosen in a statement
sent to Business Insider.

“We have contacted browser makers to ensure that known malicious
extensions are no longer available to download in their stores
and to share information that could help identify additional
extensions that may be related. We have also contacted law
enforcement and have worked with local authorities to remove the
website that displayed information from Facebook accounts. We
encourage people to check the browser extensions they’ve
installed and remove any that they don’t fully trust. As we
continue to investigate, we will take action to secure people’s
accounts as appropriate.”

Many people add extensions to their browsers, such as ad-blockers
or spell-checkers.

Continue Reading
Advertisement Find your dream job

Trending