Hackers Extracted and Published Facebook Private Messages Grabbed Through Bad Browser Plug-Ins

Angelica Greene
November 3, 2018

Before the advertisement was removed, hackers attempted to sell access to the data for as little as 10 cents per account, according to the BBC. "Our database includes 120 million accounts", the user wrote. Rosen did not specify the name of the browser extension that allegedly sent personal details and private messages of users back to the hackers. To steal the information, the well-known method of malicious desktop browser extension was used.

Facebook is back in the limelight with another alleged data breach, and this time users' personal messages shared on the platform are claimed to have been compromised.

After performing some investigation, security firm Digital Shadows confirmed that about 81,000 profile had private messages.

"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores", Facebook executive Guy Rosen told the site.

Where?: Most hacked accounts are based in Ukraine and Russian Federation.

The social network is also working with local authorities to remove the website where the sample data was posted.

'Electrical stimulation helps three paralysed patients walk again'
Scientists think the implant's electrical stimulation adds enough power back to the brain's commands to get muscles moving again. Moreover, they exhibited no leg-muscle fatigue, and so there was no deterioration in stepping quality, researchers said.

Nick Mullens gets verified on Twitter during breakout performance vs. Raiders
Mullens' performance Thursday night ended a six-game losing streak for the 49ers, but he's no stranger to ending a lengthy skid. The 49ers also ran for 143 yards, none more glaring than Raheem Mostert's 52-yard touchdown run in the fourth quarter.

Highway worker helps find woman who spent six days in desert
Route 60 near Wickenburg when she lost control of her vehicle on October 12, the Arizona Department of Public Safety said. A spokesman for the DPS said the woman is not speaking to reporters and there were no updates on her condition.

Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it. But as you'd expect, there are also more sensitive discussions, including "intimate correspondence between two lovers", as the BBC describes it.

Trojans and malicious browser extensions stealing Facebook data is nothing new as BleepingComputer has reported on them in the past.

Facebook is having a bad year for data privacy. But Rick Holland, Digital Shadows' chief information security officer and Vice President of strategy, told Gizmodo that they still don't know what browser extension or extensions might be responsible.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September.

When asked about a possible connection to the Russian state or Kremlin-run programs like the Internet Research Agency, a representative for the hacking group only identified as John Smith said there was no connection.

Other reports by GizPress

Discuss This Article