Matrix Posted November 2, 2018

Private Facebook messages were offered for 10 cents each

The big picture: The latest security breach involving Facebook may not be the company's fault. Instead, a rogue third-party browser extension could be the culprit. As always, it's best to get your extensions from reputable sources to minimize the possibility of installing compromised software.

For thousands – and potentially millions – of Facebook users, correspondence sent in confidence via the social network’s private messages platform has proven to be anything but.

According to the BBC, hackers posting on an Internet forum in September offered to sell access to private messages from Facebook accounts for 10 cents each. The group posted a sample of its purported 120 million account haul online and according to cybersecurity firm Digital Shadows, more than 81,000 of those shared profiles contained private messages.

It is believed that many of the user details came from Russia and Ukraine-based Facebook users although some messages also originated from people in the US, the UK and Brazil, the BBC notes.

The BBC Russian Service reached out to five Russian Facebook users whose data was purportedly involved in the breach, confirming the authenticity of the private messages. Sample message topics ranged from photos of a vacation and talk about a recent Depeche Mode concert to complaints about a son-in-law and intimate chat between two lovers.

Facebook believes a rogue browser extension is to blame for the theft.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC.

The social network is also working with local authorities to remove the website where the sample data was posted.

source

nir Posted November 4, 2018

Private Messages From Hacked Facebook Accounts Found Online For Sale

Last month, Facebook suffered a massive hack. The attack allegedly affected millions of accounts. A month has passed since the occurrence; however, Facebook has still not revealed much detail. This includes the geographical impact and the extent of data pilfered on the account. Recently, the BBC discovered an advertisement offering private messages from the hacked Facebook accounts for sale. The sellers allegedly had data from millions of accounts. It is unclear whether they got this data from the recent hack, the Cambridge Analytica incident, or through other means.

Private Messages From Hacked Facebook Accounts Discovered For Sale

As reported, the BBC Russian Service confirmed they found sellers advertising private messages and personal information of Facebook users. The sellers, as they claimed, possessed data from millions of hacked Facebook accounts.

The BBC Russian Service team found the breach in September, after which they contacted the sellers disguising themselves as potential buyers for two million accounts’ information. The sellers offered to sell the accounts at a rate of 10 cents per account. As stated in their report,

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum. “We sell personal information of Facebook users. Our database includes 120 million accounts,” the user wrote.

The BBC team also involved Digital Shadows – a cybersecurity firm – to verify the sample data. They could confirm that the sample included details of 81000 Facebook accounts. These profiles even included private messages that BBC could view.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

To further confirm the genuineness of profiles, the BBC Russian Service team contacted five of the alleged victim Russian Facebook users. They acknowledged the ownership of the posts and messages.

BBC has found one of the websites advertising this data seemingly linking to St. Petersburg, Russia, with a flagged IP.

Its IP address has also been flagged by the Cybercrime Tracker service. It says the address had been used to spread the LokiBot Trojan, which allows attackers to gain access to user passwords.

Facebook Blames Malicious Browser Extensions For The Breach

After the discovery, the BBC team contacted Facebook regarding the matter. Facebook officials suspect a malicious browser to exfiltrate users’ data. They confirm that their security was not compromised and that they have contacted the developers. However, they did not name any specific extension. According to Guy Rosen,

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores.”

They also confirm that they have involved law enforcement agencies as well to investigate the matter.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

While the sellers claimed to have data for 120 million accounts, including 2.7 million from Russia, Digital Shadows suspect the claim may be bogus. Regarding the origin of the source providing this data, the seller did not reply adequately.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September… He said that the information had nothing to do with either data leak.

The hacked profiles predominantly include user accounts from Russia and Ukraine, with 2.7 million accounts of Russians alone. Besides, the data also includes profiles from the US, UK, Brazil, and other areas. BBC confirms the advertisement to be now offline.

Source

Ha91 Posted November 6, 2018

Cambridge Analytica scandal included mining entire databases of users including their passwords? 😮 @nir @DonyMach1 @straycat19
Archived
This topic is now archived and is closed to further replies.