2018 has not been easy for the social network giant Facebook, which has already had to deal with issues involving Cambridge Analytica and an attack that affected millions of accounts. Now, according to the latest reports, private Facebook messages are up for sale.
A hacker group has allegedly obtained private messages from 81,000 Facebook accounts, and possibly more, and at one point offered access to the database for 10 cents per account, the BBC reported Friday.
In September, the BBC reports, a user named FBSaler appeared on an English-language internet forum offering to sell personal information belonging to 120 million Facebook accounts for 10 cents each. The BBC didn’t specify on which forum the seller posted their offer.
The user FBSaler posted the following message on that forum:
“We sell personal information from Facebook users. Our database includes 120 million accounts.”
According to the report, many of these accounts are based in Ukraine and Russia, though some are from other countries, including the U.S., the UK and Brazil. At one point, the hackers put up an ad offering access to the data at 10 cents per account, but that ad has since been taken offline.
The hackers claimed to have details from 120 million accounts. The BBC asked cybersecurity company Digital Shadows to examine the sample of data posted online and verify this number, and the company was only able to find private messages in more than 81,000 accounts. A further 176,000 accounts also contained personal data such as phone numbers and email addresses, though these might have been obtained without actually hacking the accounts, by scraping the information from users who chose not to make it private.
However, this new stolen data appears to have been obtained through malicious browser add-ons or extensions.
The hackers themselves, when contacted by the BBC, said the data had nothing to do with the recent security breach or the data stemming from the Cambridge Analytica scandal.
According to Guy Rosen, VP of Product Management at Facebook:
“Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed out of Facebook.”
He also said:
“We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts. We encourage people to check the browser extensions they’ve installed and remove any that they don’t fully trust. As we continue to investigate, we will take action to secure people’s accounts as appropriate.”
Whatever its origin, the data appears to be genuine, and includes private chats between users.
Digital Shadows also analyzed data from 176,000 additional sample accounts, which included information like phone numbers and email addresses. It’s possible this data was scraped from Facebook users who had posted it publicly, whereas the other accounts appear to have had truly private messages stolen.