A Browser Extension Apparently Stole the Private Facebook Messages of at Least 81,000 Accounts


A new report might make you think twice before installing that next Chrome extension. The private Facebook messages of at least 81,000 people have reportedly been stolen, probably due to an exploit in a browser extension, and the compromised accounts are now being offered for $0.10 apiece.

The BBC reports that a shady group has been attempting to sell Facebook data from what the hackers claim, dubiously, is 120 million accounts. This hack apparently has nothing to do with the recent hack of Facebook data that was widely publicized in September. The 81,000 people affected are mostly Russians and Ukrainians, but also include people from the US, UK, and Brazil, according to the BBC.

Facebook executive Guy Rosen commented to the BBC, and the company has reportedly contacted law enforcement over the website that is offering the accounts for 10 cents apiece.

Security firm Digital Shadows helped the BBC analyze the data and came to the conclusion that the attackers used a browser exploit. But Rick Holland, Digital Shadows' chief information security officer and vice president of strategy, told Gizmodo that they still do not know what browser extension or extensions might be responsible.

"Browsers like Chrome can be very secure, but browser extensions can introduce serious gaps in their armor. The addition of browser extensions increases what is otherwise a small attack surface. Malicious extensions can manipulate the data passing through the browser," Holland said.

"Sadly, malicious extensions make it into official browser stores like the Chrome Web Store," he continued, "and the management of browser extensions is a challenge for cybersecurity teams which makes matters that much worse."

Why the huge difference between the hackers' claim of 120 million accounts and just about 81,000 accounts, according to Digital Shadows? Much of the information from the 120 million accounts may also have been scraped. But the stolen private messages sure look legit. The BBC contacted five Russian Facebook users and confirmed that the messages were real.

Many of the messages are relatively simple and include chats about going on vacation and attending concerts. But as you would expect, there are more sensitive discussions, including "intimate correspondence between two lovers," as the BBC describes it.

So, this is not Facebook's fault, but it's not great news for the scandal-plagued social network. Between the September data breach (which directly impacts some 29 million users), the ongoing rash of fake news and failed moderation efforts, and Facebook's complicity in genocide, it's no wonder that more people are deleting Facebook from their phones. But if you have any private messages on the service, you may want to consider deleting those as well. They could not have been published.

[BBC]
