Facebook accounts of users have been compromised once again and their private messages are on sale. Read on to know more about the latest data breach…
BBC reported that hackers have gained access to private messages of nearly 120 million Facebook accounts and have already published such messages from 81,000 accounts for generating money. The latest report says that several users whose details have been compromised were based in Ukraine and Russia but some were also from the UK, US, Brazil and elsewhere. While the perpetrators told BBC Russian Service group that their “database includes 120 million accounts,” the number has not been confirmed by outside cybersecurity experts, as of now.
Guy Rose, Vice President of Product Management at Facebook, was quoted as saying “The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline,”. The breach was first discovered in September this year and the messages were reportedly obtained through unnamed rogue browser extensions. Facebook, however, said its systems were not breached as part of the hack.
According to Digital Trends, the latest hack involves the use of browser extensions. “It is always best to check which source an extension is coming from, and which permissions it is being granted access to,” it said.
The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs. “One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode (British rock band) concert and a third included complaints about a son-in-law,” the report said.
Ireland’s Data Protection Commission (DPC), which is Facebook’s lead privacy regulator in Europe, has opened a formal investigation into this data breach that could result in a fine of $1.63 billion.
In the biggest-ever security breach after Cambridge Analytica scandal, Facebook in October this year admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys. Rose had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in 2017.
Guy Rose said that “We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” He added “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
Rose had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in 2017.