The bad news just keeps on coming for Facebook after a new report indicates that hackers appear to have compromised and published private messages from dozens of thousands of Facebook users.
According to BBC, hackers claim to have stolen data from a total of 120 million accounts. The cybercriminals are looking to sell the stolen data for 10 cents per account. Facebook, however, denies that its security was compromised. Instead, they claim that the data was probably obtained through malicious browser extensions people had installed on their computers. The names of the malicious extensions were not revealed.
The social media giant told BBC that they've already contacted browser-makers. They are looking to have these malicious extensions removed from their stores to avoid additional downloads. Plus, law enforcement and local authorities have already been contacted and involved in the process. Facebook seeks to have the website that displayed information from Facebook accounts removed. But, as everyone knows, everything lives forever on the Internet, so the data will likely simply move on to a different location.
As mentioned above, the hackers claim to have access to data from over 120 million users, 2.7 million of them being from Russia. That, however, seems like a breach that's big enough Facebook would have detected it had it happened. They also claim the data has nothing to do with the Cambridge Analytica scandal, or the other security breach Facebook revealed in September.
"The alleged breach has to be urgently and thoroughly investigated. At first glance, however, it looks dubious: 81,000 accounts is a very small amount for Facebook, and I would not be surprised if these accounts come from a large-scale password reuse attack," High-Tech Bridge CEO Ilia Kolochenko told TechNadu via email. "Cybercriminals may use these accounts as a valid “PoC” to impress potential buyers. Modern Dark Web is overcrowded with fake offers of stolen data, and this could be just another case of that."
Kolochenko goes to add that it's unlikely the hack was done by a nation-state hacker group since those are unlikely to sell off the data. There is a concern, however, that the breach is connected to the recent API vulnerability in Facebook.
"Technical investigation by Facebook should shed some light on it, but for the moment, all Facebook users should probably consider changing their passwords as a precaution," the security expert advises.
What do you think that Facebook might be trying to hide a massive breach? Let us know in the comments section below. And also, don't forget to follow us on Facebook and Twitter. Thanks!