Rogue browser extension blamed for theft of millions of Facebook private messages

If you're a Facebook user your data may be compromised

Guy Rosen, Facebook's VP Product Management, said the company has contacted browser makers to ensure the infected extensions are no longer offered for download in their stores. Facebook has claimed that the data theft wasn't the company's fault. BBC posed as potential buyers of this data, and uncovered that these hackers were not linked to the Russian state or to the Internet Research Agency - a group of hackers linked to the Kremlin.

In the biggest-ever security breach after Cambridge Analytica scandal, Facebook in October admitted that hackers broke into almost 50 million users' accounts by stealing their "access tokens" or digital keys.

Before the advertisement was removed, hackers attempted to sell access to the data for as little as 10 cents per account, according to the BBC.

And the data had probably been obtained through malicious browser extensions.

The victims seems to primarily stem from Russian Federation and Ukraine, however affected accounts come from all over the world including the UK, US, Brazil and beyond.

After performing some investigation, security firm Digital Shadows confirmed that about 81,000 profile had private messages. A further 176,000 accounts also contained personal data such as phone numbers and email addresses, though these might've been obtained without actually hacking the accounts, by scraping the information from users who chose not to make it private.

The breach was first discovered in September.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law. Rosen said the social network had notified law enforcement, had the website hosting the Facebook account data had been taken down.

A reply in English came from someone calling themself John Smith. Out of that 120 million approximately 81000 of them were believed to contain private and intimate messages. The leaked data has since been taken down from the site it had originally been published on.

The publication also cited Digital Shadows to claim that 120 million was an unlikely figure for the number of victims, as Facebook would not have missed such a large breach.

Related:

Comments

Latest news

Trump promises executive order next week to change USA asylum laws
Immigration officials have turned away asylum-seekers at border crossings because of overcrowding, telling them to return at a later date.

Passengers to face AI lie detector tests at European Union airports
If the traveler is believed to be a risk, the case is formally handed over to a human agent for further investigation. Even so, if the program does prove to be successful, queuing up at the border might soon become a thing of the past.

Is there a Trump-China deal in the offing? We'll see
The Chinese president was also quoted as saying that he was willing to meet Trump in Argentina during the G-20 summit. Mr Trump has asked key United States officials to begin drafting potential terms, according to the report.

There are some catches to buying a OnePlus 6T through T
Although OnePlus promises bi-monthly updates for the 6T, the T-Mobile version won't necessarily get them at the same time. It has been bumped up from 6.2-inch to 6.4-inch with an AMOLED screen, which also gets Corning Glass 6 protection.

Paralyzed Patients Walk Again After Targeted Spinal Cord Stimulation
Within one week of starting the study , all the participants could walk using body weight support. The Christopher and Dana Reeve Foundation has more about functional electrical stimulation .

Other news