BBC finds private messages from 81,000 hacked Facebook accounts put up for sale

16:00, 02 November 2018
371 0

Facebook said its security had not been compromised, according to BBC.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline.

Read alsoU.S. group posing as Russian trolls easily buys political ads on Google - media

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," said Facebook executive Guy Rosen.

"We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

"We sell personal information of Facebook users. Our database includes 120 million accounts," the user wrote.

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it.

Read alsoFacebook security breach allowed hackers to control accounts of up to 50 mln users – media

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

There was also an intimate correspondence between two lovers.

One of the websites where the data had been published appeared to have been set up in St Petersburg.

Its IP address has also been flagged by the Cybercrime Tracker service. It says the address had been used to spread the LokiBot Trojan, which allows attackers to gain access to user passwords.

Read alsoFSB nabs border guard for "selling" data on Petrov, Boshirov's trips – Russian media

Personal shopping assistants, bookmarking applications and even mini-puzzle games are all on offer from various browsers such as Chrome, Opera and Firefox as third-party extensions.

The little icons sit alongside your URL address bar patiently waiting for you to click on them.

According to Facebook, it was one such extension that quietly monitored victims' activity on the platform and sent personal details and private conversations back to the hackers.

The BBC Russian Service emailed the address listed alongside the hacked details, posing as a buyer interested in buying two million accounts' details.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September.

A reply in English came from someone calling themself John Smith.

He said that the information had nothing to do with either data leak.

He claimed that his hacking group could offer data from 120 million users, of whom 2.7 million were Russians.

But Digital Shadows told the BBC that this claim was doubtful because it was unlikely Facebook would have missed such a large breach.

John Smith did not explain why he had not advertised his services more widely.

And when asked whether the leaks were linked to the Russian state or to the Internet Research Agency - a group of hackers linked to the Kremlin - he replied: "No."

If you see a spelling error on our site, select it and press Ctrl+Enter