Cyber criminals selling stolen private Facebook messages for 10 cents per account

Online scammer arrested for hacking into Facebook Messenger and impersonation
A man poses with a magnifier in front of a Facebook logo on display in this illustration Reuters

Facebook is under the microscope ever since the Cambridge Analytica scandal came to light and the social networking platform is trying to deal with every situation carefully. Adding to the troubles of the world's largest social media network, which has over 2 billion users across the world, is another data breach targeting personal messages of thousands of users.

BBC has reported that hackers are claiming to have personal data belonging to over 120 million Facebook account holders and are willing to sell it for quick cash. To prove the legitimacy of the data breach, hackers published private Facebook messages of almost 81,000 users.

BBC also contacted a number of affected Facebook users and was able to confirm the leaked data was legit. The report stated that in addition to the 81,000 accounts whose private messages were leaked online, data from additional 176,000 accounts were also made available but email addresses and phone numbers could have been scraped from members who not hidden it.

Upon further investigation, BBC Russian Service contacted five users whose private messages were leaked online and was able to verify the posts' authenticity.

"One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law. There was also an intimate correspondence between two lovers," BBC report noted.

The perpetrators behind the orchestrated attack on Facebook users are reportedly selling the stolen data for as low as 10 cents per account. Affected users are largely based in Ukraine and Russia, but the extent of the attack also reaches to other countries, including Brazil, UK and the U.S.

The advertisement for selling millions of account information has since been taken down, but the advertiser told BBC when approached as a buyer, that the hacker group could deliver data from 120 million accounts. However, cyber-security company Digital Shadows that examined the data for BBC was sceptical on the claim as it was unlikely of Facebook to miss such as massive breach.

In fact, unlike previous times, Facebook is not to be blamed for the data breach. The company told the paper that its systems were not compromised and that it could have been due to malicious browser extensions affected users installed on their browsers.

"We have contacted browser-makers to ensure that known malicious browser extensions are no longer available to download in their stores," Facebook executive Guy Rosen said in a statement. "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

The best practice is to avoid installing browser extensions from unverified sources. If you have any extensions installed, it's worth taking a look over their developers and make sure you trust them before continuing to use them. Even though Facebook is not to be held accountable for the latest attack, it doesn't shine a good light on the social media platform.

Related topics : Facebook