Million Accounts Claimed to Be Compromised

Isaac Cain
November 3, 2018

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores", Guy Rose, Vice President of Product Management at Facebook, was quoted as saying. These accounts are being sold for 10 cents each.

According to The Information, Facebook is in talks to buy a major cybersecurity company to help protect users.

The breach was first discovered in September and the messages were reportedly obtained through unnamed rogue browser extensions.

Hackers stole the private Facebook messages of over 81,000 accounts, a BBC investigation has revealed. Nor is there evidence that information for 120 million user accounts had been obtained - the kind of sizable breach that would hardly escape notice.

More news: Woman rescued 6 days after unusual road accident

Facebook says that although personal data for each user doesn't appear to have been compromised, they were able to find a probable access point for the intrusion: fraudulent "browser extensions". However, with so many extensions available, malicious parties have many options: compromise existing software through insiders or poor developer security; release their own seemingly benign plug-ins that provide a useful function alongside snooping; or buy extensions from developers and then update them to include malware.

The report states that most of the accounts that have been compromised are based in Ukraine and Russian Federation, but some accounts are from UK, US, and Brazil as well. Further, it was found that email addresses and phone numbers could have been extracted from 176,000 more accounts.

The BBC Russian service contacted five Russian users affected by the hack, and confirmed the messages were theirs. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts. Personal information leaks have come in all shapes and sizes, from third-party apps to GDPR infringements and, of course, the whole Cambridge Analytica debacle. However, according to an outside expert reported by the BBC, it appears likely that at least 81,000 Facebook accounts had their privacy breached.

Other reports by LeisureTravelAid

Discuss This Article