Hackers are reportedly selling the Facebook private messages of thousands of users, the majority of which are from Russia and Ukraine.
According to a report from BBC News, an unknown group of hackers is selling Facebook private messages stolen from around 81,000 online users. The cybercriminals allegedly told the BBC Russia Service that overall, they have the details of 120 million Facebook users in their possession.
The perpetrators further claimed that most of the compromised accounts are from Russia and Ukraine. However, some profiles were said to be from users of the social networking site in the United States, United Kingdom, Brazil, and other countries.
Facebook claimed that its security was not breached and that the hackers obtained the data through malicious browser extensions. The social media network firmly stated that the data theft was not the company’s fault.
The embattled social networking site also confirmed that actions have already been taken to prevent other accounts from being affected.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Guy Rosen, Facebook’s Vice President of Product Management, said in a statement. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
How the Hackers are Selling Facebook Private Messages
The unknown hackers are offering access to the Facebook private messages for 10 cents per account.
“We sell personal information of Facebook users. Our database includes 120 million accounts,” a certain FBSaler wrote in an undisclosed internet forum. Digital Shadows, a cybersecurity firm, allegedly investigated the post on behalf of BBC.
Digital Shadows confirmed that around 81,000 Facebook profiles were indeed posted online by the cybercriminals as a sample. The information of a further 170,000 accounts was also made accessible. However, some details like email addresses and phone numbers appear to were scraped from public profiles.
Facebook has not divulged the name of the extension it believes to be responsible for the data leak. But, the company mentioned that the browser extension could monitor the activities of unsuspecting victims and then send the stolen information, including private messages, to the cybercriminals.
Digital Shadows got in touch with the seller who referred to himself as John Smith. He claimed that the information they have has nothing to do with the Cambridge Analytica scandal or the most recent Facebook data breach.
The seller also confirmed that his group is not related to the Russian government or the Internet Research Agency, a hacking group linked to the Kremlin.