Wednesday, 23 January, 2019

Hackers put private messages from 81,000 Facebook accounts up for sale

Hackers put private messages from 81,000 Facebook accounts up for sale Hackers put private messages from 81,000 Facebook accounts up for sale
Sherri Watson | 03 November, 2018, 17:37

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores", Facebook executive Guy Rosen told the site. "It is however, more likely that the published list of 81,000 accounts is all that the cybercriminals have, and they are looking to cause disruption and fear".

The big picture: The latest security breach involving Facebook may not be the company's fault.

"The breach as first discovered in September when a user going by the name FBSaler posted this on the social media: " We sell personal information of Facebook users. And the hackers themselves, when contacted by the BBC, said the data had nothing to with the recent security breach or the data stemming from the Cambridge Analytica scandal.

So far only 81,000 users had their conversations leaked online but, according to the group that obtained all the data, over 120 million accounts could be affected. To steal the information, the well-known method of malicious desktop browser extension was used. The advertisement listed online said that full access to personal messages can be obtained at $0.10 per account, and it listed 81,000 of the profiles as samples for buyers.

According to the report, many of these accounts are based in Ukraine and Russian Federation, though some are from other countries, including the USA, the United Kingdom and Brazil. At least in one case, the data published included "intimate correspondence between two lovers", according to the report.

Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it. Rosen said the social network had notified law enforcement, had the website hosting the Facebook account data had been taken down.

BBC also contacted some Russian Facebook users and confirmed that the private messages were theirs.

A reply in English came from someone calling themself John Smith.

But Digital Shadows told the BBC that this claim was doubtful because it was unlikely Facebook would have missed such a large breach.