November 2, 2018 at
There are indications that cybercriminals may have compromised and published private messages from over 81,000 Facebook accounts. The attackers informed the BBC Russian Service that it had the details of 120 million accounts, which they were planning to sell. However, there are reasons to be skeptical about the figures posted by these hackers. In a swift reaction, Facebook said its security hasn’t been breached and the data may have been gotten through malicious browser extensions.
Facebook further indicated that the necessary steps have been taken to prevent any further hack. However, the BBC acknowledged that most of the users whose details were compromised are based in Russia, Ukraine, Brazil, the UK, the US, and other areas.
The hackers have offered to sell access to each account for 10 cents. Nevertheless, the advert used for this purpose has been taken offline. According to Facebook executive Guy Rosen,
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
The breach was first noticed in September when a post from a user with a nickname “FBSaler” appeared on an internet forum. The user wrote that they deal in personal information for Facebook users with 120 million accounts up for sales. Digital Shadows, a cyber-security company further examined the claims by this user on behalf of BBC. Digital Shadows confirmed over 81,000 profiles posted online as a sample of compromised private messages. Furthermore, data from additional 176,000 accounts were made available online. The BBC Russian Service on its part contacted five Russian Facebook users whose private messages were uploaded and they confirmed the posts were theirs.
Who should take the blame?
Bookmarking applications, mini-puzzle games, and personal shopping assistants are some of the offers you will see from different browsers including Firefox, Opera, and Chrome as third-party extensions. The icon that gives access to the hackers to your account normally sits alongside your URL address bar waiting for you to click it.
Facebook said it is this one of this extension that monitors the activities of victims on the platform before sending private conversations and personal details back to the hackers. Though Facebook hasn’t named the particular extension, there are indications that it will not accept that the leak was its fault.
Independent cyber experts express that if the extension was the reason for this hack, then the developers of these browsers have a huge responsibility to share regarding their failure to vet the programs before distributing it to the marketplace. Notwithstanding this, the hack isn’t a good news for Facebook.
Earlier last year, Facebook experienced a terrible data security breach and many are questioning if the network has the ability to respond to this situation considering the number of people affected. The BBC Russian Service sent a mail along with the hacked details to the advertiser if the breached accounts were related to those involved in the Cambridge Analytical scandal or the ones revealed on the September security breach.
A reply from username “John Smith” indicated that this latest information is unconnected to the previous incidents. He further claimed that the group has 120 million users data to sell with 2.7 million belong to Russians. However, Digital Shadows informed BBC that it was doubtful of the claims made by this hacking group.