Facebook hackers that stole personal information from users in two widely reported attempts have told BBC’s Russian service that they are trying to sell this information to the highest bidder. While they claim to have data from 120 million accounts, Facebook has denied those numbers stating that only 81,000 user accounts have been compromised and now it has taken strong measures to maintain security. If the hackers claim to have this information it could have been obtained through malicious browser extensions. Facebook has assured users that all possible steps have been taken to prevent other accounts from being affected.
According to details available with BBC details of Facebook users in Ukraine and Russia along with UK, US and Brazil have been most affected. There had been an advertisement online by hackers offering to sell information like private messages for 10 cents per account but that has been removed. Facebook executive Guy Rosen stated that they contacted browser makers to ensure that malicious extensions cannot be downloaded from their stores. Facebook’s team is also working with law enforcement officials and local authorities to remove websites that display information stolen from Facebook accounts.
The breach of Facebook accounts was first discovered when a user nicknamed FBSaler posted an advertisement on an English internet forum stating that they sell personal information of Facebook users and he has database of 120 million accounts. Cyber security firm Digital Shadows that examined the claim confirmed that the sellers had data of more than 81000 profiles containing private messages. Data from another 176,000 accounts were available by the same group though some of the information in it like email ids and phone numbers could have been taken off from member profiles that had not hidden this information. BBC’s Russian service contacted three of the five Russian users whose data was revealed to them in this exercise and they confirmed that these private messages had been uploaded by them.