Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. In the latest report, the data trove was discovered by the BBC, who found an ad for the sale of details on 120million Facebook accounts.
Hackers were selling access for $0.10 per account – that’s about 8p. The ad, which has now been taken offline, was posted to an internet forum by a user called FBSaler.
“We sell personal information of Facebook users. Our database includes 120million accounts,” it explained.
As proof of the nabbed data, FBSaler posted 81,000 user profiles that contained private messages.
The post also included a further 176,000 accounts that contained more generic info – like phone numbers and email addresses – that could’ve simply been scraped from the website without any hacking techiques.
The BBC and a cybersecurity firm called Digital Shadows confirmed that the messages were legitimate by contacting five Russian Facebook users affected by the leak.
According to the report, many affected users are from Russia and Ukraine, but users in the UK, US, Brazil and elsewhere were also caught up in the attack.
Facebook has been responsible for several major data breaches this year – but says it’s not to blame for this attack.
The company says that malicious browser extensions were responsible, rather than any issues with Facebook’s own cybersecurity.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook’s Guy Rosen.
“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”