Another day, another Facebook breach it seems, as hackers appear to have gotten their hands on the personal messages of more than 81,000 individual accounts. The social network attempts to wash its hands of responsibility, blaming malicious browser extensions for the fault.
Before the advertisement was removed, hackers attempted to sell access to the data for as little as 10 cents per account, according to the BBC. The perpetrators contacted the publication’s Russian Service to claim that it could sell data from a staggering “120 million accounts” in its database.
Cyber-security firm Digital Shadows examined the available data, determining that approximately 81,000 had private messages scraped from their profile, while data from a further 176,000 accounts included email addresses and phone numbers. The latter could simply have been gathered via a lack of privacy settings, but this has yet to be confirmed.
The victims seems to primarily stem from Russia and Ukraine, however affected accounts come from all over the world including the UK, US, Brazil and beyond. All of the messages breached were of a personal nature, from the tame subject of dicussing a music concert to the more explicit.
Facebook explained that its security had not been breached, pointing the finger towards dodgy extensions within Chromium-based browsers and Firefox. The social network has yet to name and shame the extensions believed to be responsible for the breach in security, but explained that one in particular quietly monitored Facebook use and inconspicuously sent the personal data.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” explained Facebook executive Guy Rosen. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
This is bad news for Facebook after its series of security mishaps revealed this year alone, yet this could spell bad news for browser providers and their responsibility to curate marketplaces. Platforms have yet to officially address the allegations.
KitGuru Says: Facebook being as large as it is also makes the social network the biggest target of attacks like these, but it doesn’t make it any more acceptable. In fact, the money that the platform generates should be enough to bolster security. Perhaps it’s time to re-evaluate how we all use Facebook?