Private messages of 120 mn Facebook users hacked

Joshua Bennett
November 4, 2018

The BBC also emailed the hackers, pretending to be interested in purchasing 2 million account details.

The hackers offered to sell access for 10 cents (8p) per account. This included a sample of data that the BBC had an expert examine, confirming that over 81,000 profiles' private messages were included.

Most of the users included in the samples were from Russian Federation and the Ukraine, but the hackers apparently also were able to breach the accounts of users from the US and the United Kingdom. The social network has yet to name and shame the extensions believed to be responsible for the breach in security, but explained that one in particular quietly monitored Facebook use and inconspicuously sent the personal data.

Rosen had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts - 50 million that had access tokens stolen and 40 million that were subject to a "View As" look-up in 2017.

The victims seems to primarily stem from Russian Federation and Ukraine, however affected accounts come from all over the world including the UK, US, Brazil and beyond.

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores", Facebook executive Guy Rosen told the BBC.

For example, if the Facebookers implicated in the "hack" happened to share information such as personal addresses, telephone numbers, or banking information (you never know) then the illegal transactions holds more than just its nominal value.

Facebook became aware of the website hawking information from user accounts and started investigating about a month ago.

There was also an intimate correspondence between two lovers.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September. This seems unlikely, however, as Facebook would have noticed such a substantial breach, according to cyber-security company Digital Shadows, which has been working with the BBC.

He said that the information had nothing to do with either data leak.

Other reports by

Discuss This Article