Hackers appear to have compromised and published private messages from at least 81,000 Facebook users' accounts, a report by BBC says. The news platform claims that hackers had put a price of 10 cents (approx Rs 7) per account but now the sale advertisement has been taken offline. The breach reportedly first came to light in September, when a post from a user nicknamed FBSaler appeared on an internet forum. “We sell personal information of Facebook users. Our database includes 120 million accounts,” the user had reportedly written.
BBC notes that many of the users whose account details have been compromised “are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.” It also says that cyber-security company Digital Shadows examined the claim in the advertisement on behalf of the BBC and confirmed that “more than 81,000 of the profiles posted online as a sample contained private messages.” It also says that data from 176,000 more accounts was also made available.
“The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs. One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law. There was also an intimate correspondence between two lovers,” the BBC reported.
Meanwhile, Facebook has claimed that the platform’s security had not been compromised and that the data could have been obtained through malicious browser extensions. “We have contacted browser makers to ensure that known malicious extensions are made unavailable for download in their app stores. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts,” Facebook Executive Guy Rosen said.
The report comes a month after 50 million accounts were allegedly hacked. Facebook had later later claimed that the number of accounts compromised was 30 million. Facebook said that cybercriminals found a flaw in the platform’s ‘View As’ feature and exploited the vulnerability in Facebook’s code that existed between July 2017 and September 2018. It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.