Facebook account data of 120 million users, including their personal chats, were allegedly compromised and put up for sale on the Internet, BBC Russian Service (https://bbc.in/2CY6ieS) has reported. The hackers apparently released the personal data of about 81,000 of these users. The breach was discovered in September when a user named FBSaler put out an ad on an English-language internet forum offering access to the data at 10 cents a handle. It looks like the advertisement has since been taken down and no longer available.
Facebook told BBC in a statement that its security has not been compromised and the data was sent out to hackers likely by malicious browser extensions. The social media giant added that it has taken further steps to prevent more accounts from being affected.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the site. Rosen did not specify the name of the browser extension that allegedly sent personal details and private messages of users back to the hackers.
As per the report, most users whose accounts were compromised are based in Ukraine and Russia, though some are from the UK, US, Brazil and elsewhere as well. BBC independently verified with the help of cyber-security company Digital Shadows that the compromised data of the 81,000 users included private messages.
The site then contacted the users whose accounts it had verified who confirmed the personal data were theirs. This included chats from different users about a recent Depeche Mode concert, photographs of a recent holiday, complaints about a son-in-law as well as intimate conversation between two lovers on Facebook.
“Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it,” the report reads.
Facebook is under the radar for security-related issues on it platform, after multiple reports of breach. Last month, the company posted about a vulnerability in its code that lets people preview how their profile appears for others. Facebook claimed that 30 million users had their access tokens stolen by exploiting 400,000 accounts.