Your private messages on Facebook may be up for sale.
A hacker group has allegedly obtained private messages from 81,000 Facebook accounts — possibly many more — and at one point sold access to the database for 10 cents per account, the BBC reported Friday.
According to the report, many of these accounts are based in Ukraine and Russia, though some are from other countries, including the U.S., the UK and Brazil. At one point, the hackers put up an ad offering access to the data at 10 cents per account, but that ad has since been taken offline.
The hackers told the BBC that they actually had details from 120 million accounts. The BBC asked cybersecurity company Digital Shadows to examine the sample of data posted online and verify this number, but the firm was only able to find private messages in more than 81,000 accounts. A further 176,000 accounts also contained personal data such as phone numbers and email addresses, though these might’ve been obtained without actually hacking the accounts, by scraping the information from users who chose not to make it private.
The data trove has surfaced shortly after Facebook confirmed that 29 million users had their accounts accessed by hackers. However, this new stolen data appears to have been obtained through malicious browser add-ons.
Facebook, for one, claims its systems have not been breached, according to the report. And the hackers themselves, when contacted by the BBC, said the data had nothing to do with the recent security breach or the data stemming from the Cambridge Analytica scandal.
“Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed off of Facebook,” Guy Rosen, VP of Product Management at Facebook, told Mashable via e-mail.
“We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts. We encourage people to check the browser extensions they’ve installed and remove any that they don’t fully trust. As we continue to investigate, we will take action to secure people’s accounts as appropriate,” he said.
Whatever its origin, the data appears to be genuine, and includes private chats between users. Given Facebook’s security track record this year, another scare like this surely won’t sit very well with users.