Hackers Publish Private Messages From 81,000 Facebook Accounts

Hackers Publish Private Messages From 81,000 Facebook Accounts

Facebook has denied hackers gained access to its servers and instead blamed the breach on users who have installed malicious web browser extensions that can store private messages. These accounts are being sold for 10 cents each. It maintains that this particular data breach was not its fault, and urged browser-makers to exercise more caution.

FBSaler first marketed this database on an underground hacking forum called BlackHatWorld where the seller stated that "We sell personal information of Facebook users".

The platform where the data was posted appears, or has been made to appear, to have Russian links, the BBC investigation found. Just weeks ago, hackers compromised tens of millions of accounts on the social network, USA Today reported.

The BBC reports that a shady group had reached out to them attempting to sell Facebook data on what the hackers claim, dubiously, is 120 million accounts. However, with so many extensions available, malicious parties have many options: compromise existing software through insiders or poor developer security; release their own seemingly benign plug-ins that provide a useful function alongside snooping; or buy extensions from developers and then update them to include malware.

Several users whose details have been compromised were based in Ukraine and Russian Federation but some were also from the UK, US, Brazil and elsewhere, the report said on Friday.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September. Out of that 120 million approximately 81000 of them were believed to contain private and intimate messages.

But Digital Shadows told the BBC that this claim was doubtful because it was unlikely Facebook would have missed such a large breach.

Facebook became aware of the website hawking information from user accounts and started investigating about a month ago.

John Smith did not explain why he had not advertised his services more widely.