Private Messages From Hacked Facebook Accounts Found Online For Sale

Last month, Facebook suffered a massive hack. The attack allegedly affected millions of accounts. A month has passed since the occurrence, however Facebook has still not revealed much detail. This includes the geographical impact and the extent of data pilfered on the account. Recently, the BBC discovered an advertisement offering private messages from the hacked Facebook accounts for sale. The sellers allegedly had data from millions of accounts. It is unclear whether they got this data from the recent hack, the Cambridge Analytica incident, or through other means.

Private Messages From Hacked Facebook Accounts Discovered For Sale

As reported, the BBC Russian Service confirmed they found sellers advertising private messages and personal information of Facebook users. The sellers, as they claimed, possessed data from millions of hacked Facebook accounts.

The BBC Russian Service team found the breach in September, after which they contacted the sellers disguising themselves as potential buyers for two million accounts’ information.  The sellers offered to sell the accounts at a rate of 10 cents per account. As stated in their report,

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum. “We sell personal information of Facebook users. Our database includes 120 million accounts,” the user wrote.

The BBC team also involved Digital Shadows – a cybersecurity firm – to verify the sample data. They could confirm that the sample included details of 81000 Facebook accounts. These profiles even included private messages that BBC could view.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law. One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

To further confirm the genuineness of profiles, the BBC Russian Service team contacted five of the alleged victim Russian Facebook users. They acknowledged the ownership of the posts and messages.

BBC has found one of the websites advertising this data seemingly linking to St. Petersburg, Russia, with a flagged IP.

Its IP address has also been flagged by the Cybercrime Tracker service. It says the address had been used to spread the LokiBot Trojan, which allows attackers to gain access to user passwords.

Facebook Blames Malicious Browser Extensions For The Breach

After the discovery, the BBC team contacted Facebook regarding the matter. Facebook officials suspect a malicious browser to exfiltrate users’ data. They confirm that their security was not compromised and that they have contacted the developers. However, they did not name any specific extension. According to Guy Rosen,

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores.”

They also confirm that they have involved law enforcement agencies as well to investigate the matter.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

While the sellers claimed to have data for 120 million accounts, including 2.7 million from Russia, Digital Shadows suspect the claim may be bogus.

Regarding the origin of the source providing this data, the seller did not reply adequately.

The advertiser was asked whether the breached accounts were the same as those involved in either the Cambridge Analytica scandal or the subsequent security breach revealed in September… He said that the information had nothing to do with either data leak.

The hacked profiles predominantly include user accounts from Russia and Ukraine, with 2.7 million accounts of Russians alone. Besides, the data also includes profiles from the US, UK, Brazil, and other areas.

BBC confirms the advertisement to be now offline.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients