Hacked Facebook accounts are being sold on the dark web, showing the value of such accounts after the social network revealed 50 million of its users had been compromised in a major hack.
We have already seen dozens of listings appear on underground dark web markets, offering buyers Facebook users' personal data for as little as $3.
Experts had already warned that criminals would exploit the data to commit identity theft or blackmail Facebook users with compromising information. Now it looks like the hackers have published the private messages from at least 81,000 Facebook users’ accounts.
According to the BBC, the perpetrators called the BBC Russian Service to reveal that they had details of 120 million accounts, which they are trying to sell.
Facebook said in an earlier statement that its security had not been compromised and that the data had probably been obtained through malicious browser extensions. “We have taken steps to prevent further accounts from being affected,” Facebook added.
The BBC says that many of the users whose details have been compromised are based in Russia and Ukraine, with a few from the US, UK and Brazil, and the rest from other places. The hackers offered to sell access for 10 cents (8p) per account, but this advert was taken down.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.
“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
Personal (Intimate) Correspondence on Sale.
The BBC further explains that the breach first came to light in September, when a user nicknamed FBSaler appeared on a forum saying, “we sell personal information of Facebook users. Our database includes 120 million accounts.”
The BBC asked the cyber-security company Digital Shadows to check whether the claims were true, and it found that more than 81,000 of the profiles posted online did contain private messages.
Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it.
The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs. One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law. Intimate correspondence between two lovers was also on sale.
The website containing all the leaked correspondence appeared to have been set up in St Petersburg. The Cybercrime Tracker service has flagged the IP address, which was found to have been used to spread the LokiBot Trojan, malware that allows attackers to gain access to user passwords.
Who is responsible for this mess?
Bookmarking applications, puzzle games, shopping assistants: third-party extensions like these are offered for Chrome, Opera and Firefox. These little icons on the browser wait patiently for you to click on them, and then they invade your privacy.
According to Facebook, it was one such extension that quietly monitored victims’ activity on the platform and sent personal details and private conversations back to the hackers.
Facebook has not revealed which extension that is, since it believes the leak was not its fault.
Experts are not buying this statement from Facebook. They say that if Facebook knows a malicious extension was closely watching users’ behaviour, the browsers’ developers might share some responsibility for failing to vet the programs, assuming they were distributed via their marketplaces. Nevertheless, this latest news is bad for Facebook.
The way Facebook has handled the situation will raise a lot of questions. It has been a terrible year for the company so far, and data breaches like these, which affect large numbers of people, raise doubts as to how proactive it is.