Unsurprisingly, the price of each account is just 10 cents (8p).
Last September, the social media giant Facebook revealed that it suffered a data breach in which hackers managed to steal access tokens of over 50 million accounts after exploiting a vulnerability in its View As feature.
A couple of weeks later, after conducting an investigation, the company revealed that only 29 million users were affected by the breach and had their personal data stolen but users’ private messages were not among them.
However, now, BBC has reported that hackers are selling private messages of 81,000 Facebook users’ accounts and claim to have access to details from a total of 120 million accounts. Most of the targeted accounts according to BBC belongs to users in Russia and Ukraine while some from Brazil, the United States, and the United Kingdom.
The report further states that the listing was discovered in September on an Internet forum being sold by a user going by the online handle of FBSaler. Furthermore, the BBC Russian Service got in touch with five victims who confirmed that their private messages were stolen.
Screenshot of sample data (left) – Screenshot of private messages of victims uploaded by hackers on the forum (Image credit: BBC)
“One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode (British rock band) concert and a third included complaints about a son-in-law,” the report said.
Unsurprisingly, the price of each account is just 10 cents (8p). Facebook, on the other hand, has denied that its security was breached and maintains that it could be possible that hackers got their hands on such sensitive data through malicious browser extensions which should not come as a surprise as there are tons of malicious and non-malicious browser extensions stealing Facebook and other sensitive data on daily bases.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Guy Rose, Vice President of Product Management at Facebook.
At the time of publishing this article; hackers had removed their listing from the online forum. However, if you are a Facebook user make sure the extensions installed on your browser are not stealing your data by going through its privacy section. Also, keep an eye on its review section to verify if users have already commented about the malicious nature of the extension – Last but not the least, delete unnecessary extensions.
