A recent BBC investigation has uncovered that hackers have stolen private Facebook messages from a total of 120 million accounts; however, the BBC are unsure of the accuracy of this figure.
The BBC discovered an ad in September that claimed: “We sell personal information of Facebook users. Our database includes 120 million accounts.” Cybersecurity firm Digital Shadows investigated the claim and found that more than 81,000 accounts put online as a sample contained private messages.
Digital Shadows also confirmed that personal information such as phone numbers and email addresses from another 176,000 accounts was published, but that it may have been scraped because the accounts in question had not hidden it.
Many of the users affected are reportedly based in Ukraine and Russia, although there were users affected in many other countries, including the US, the UK and Brazil. One of the websites where the hackers posted the data was ascertained to have been set up in St Petersburg.
The BBC Russian service contacted five Russian users affected by the hack, and confirmed the messages were theirs. The messages included holiday pictures, complaints about a son-in-law, and an “intimate” conversation between two lovers.
However, the data is thought to have been obtained not through a breach in Facebook’s security but rather through the use of a nasty browser extension. Facebook have announced, though, that they are taking further action to help prevent other accounts from being hacked by the perpetrators.
“Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed off of Facebook,” said Facebook executive Guy Rosen in a statement sent to Business Insider.
“We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts. We encourage people to check the browser extensions they’ve installed and remove any that they don’t fully trust. As we continue to investigate, we will take action to secure people’s accounts as appropriate.”
A high number of users add extensions such as spell checkers and ad blockers to their browsers, and it is thought that this is how the perpetrators gained access to Facebook accounts.
The hackers were advertising the sale of a single account for 10p; however, they removed that advertisement shortly after it went live.