Contents of hacked private messages from at least 81,000 Facebook accounts were being sold for 10 cents (8p) per profile, an investigation has found. The messages were posted on a forum by Russian hackers who said that their “database includes 120 million accounts,” which they claim to have access to, and was attempting to sell. The number could not be confirmed by external cybersecurity experts, and Joseph Carson, Chief Security Scientist at Thycotic said, “It is more likely that the published list of 81,000 accounts is all that the cybercriminals have, and they are looking to cause disruption and fear.”
Facebook, however, denied claims of hackers gaining access to its servers and says that the data in question had probably been obtained through malicious browser extensions. “We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” told Facebook executive Guy Rosen. Facebook has even sought the help of law enforcement to have the stolen information removed from platforms where it was published.
Many of the accounts which have been compromised are based in Ukraine, Russia, the U.K., U.S., Brazil and elsewhere. Several Russian users affected by the breach confirmed that the texts available online were indeed their private Facebook messages.
The hackers are yet to be pinned down and Facebook “encourages people to check the browser extensions they've installed and remove any that they don't fully trust," Rosen said.