Facebook Accounts Hacked, Users’ Private Messages are On Sale at 10 cents Per Account

Private messages from at least 81,000 Facebook accounts have reportedly been compromised and made public online.


Those behind a new security breach claim to have compromised around 120 million Facebook accounts. BBC News has confirmed that more than 81,000 of these profiles have had their private messages put online to be sold. All the information obtained from this hack is being offered for 10 cents per account. Most of the compromised accounts seem to be from Russia and Ukraine. However, a good number of them are from the UK, the US, Brazil, and other places as well.

Private Messages From 81,000 Facebook Accounts Up For Sale

This breach of Facebook accounts first came to light when a user with the alias FBSaler took to an English-language forum to sell them. “We sell personal information of Facebook users. Our database includes 120 million accounts”, the user said. BBC News, with the help of the cyber-security company Digital Shadows, confirmed that over 81,000 of these profiles had their private messages included in the posted samples.

BBC reached out to a few of the affected users, who confirmed that the exposed messages are indeed theirs. One of the sites where samples of these affected accounts had been posted is said to have been set up in St Petersburg. The Cybercrime Tracker service has since flagged the site's IP address, and it was uncovered that the site was being used to spread the LokiBot Trojan. This Trojan has become infamous in recent days as it lets attackers access affected users’ passwords.

Site with samples of compromised accounts’ data. Image Courtesy: BBC News

The samples of hacked Facebook accounts also contained information such as email addresses and phone numbers from 176,000 other accounts. However, this data could have been grabbed from users who have their user profiles set to public.

Who’s To Blame?

BBC went as far as to get in touch with the seller of these hacked accounts by pretending to be an interested buyer. A person calling themselves John Smith responded to the emails. BBC inquired if the compromised accounts were the same as those involved in the Cambridge Analytica debacle or a subsequent security breach that happened in September. The seller responded saying that these newly breached accounts had nothing to do with the previous leaks.

The seller goes on to say that their database includes 120 million compromised accounts. However, Digital Shadows is highly skeptical of this claim as it believes Facebook would have noticed if such a massive breach had occurred.

Facebook’s Response

Facebook claims that its databases haven’t been compromised in any way. The source of these leaks has been narrowed down to malicious browser extensions. Typically offered for popular browsers such as Chrome and Firefox, these add-ons or plugins generally disguise themselves as bookmarking tools, shopping assistants or even games. Facebook says that one such extension was likely used to discreetly monitor victims’ activity on its site and then transmit the acquired data to the attackers.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts,” said Guy Rosen, Vice President of Product Management at Facebook.

Independent cyber-experts say that if such rogue extensions are indeed to blame for this attack, then the developers of the corresponding browsers are also partly responsible, considering that they did not adequately assess the programs, especially since these were likely spread via their marketplaces.