Private Facebook conversations of some 81,000 users were posted after hackers used third-party browser extensions to monitor communication between users, according to a new report.
So far only 81,000 users had their conversations leaked online but, according to the group that obtained all the data, over 120 million accounts could be affected.
While this might sound reminiscent of the recent Facebook hack that compromised the personal data of some 30 million users that also happened last month, this attack is different than – and completely unrelated to – that previous attack.
How it differs is that Facebook security itself hasn’t been compromised – according to the BBC’s investigative team, hackers were using browser extensions to collect the data. These hackers were also only able to obtain Facebook conversations – snippets of text sent between users – rather than users’ personal information that’s stored on Facebook servers.
The other key difference between the two hacks are the targets: the personal information that was stolen seemed primarily to focus on American accounts while the more recent browser hack targeted users living in Ukraine and Russia. Some conversations are from the UK, US, Brazil and elsewhere, but these countries’ users weren’t the primary targets.
Once hackers obtained conversations, they proceeded to sell them online for 10 cents (8 British pence) per account – a small sum that multiplied by 81,000 could’ve been a lucrative haul for the hackers were they not shutdown by local police.
To verify the information contained in the conversations were real, the BBC Russian Service in collaboration with a cyber-security company Digital Shadows contacted the victims who all confirmed that those conversations really happened.
When asked about a possible connection to the Russian state or Kremlin-run programs like the Internet Research Agency, a representative for the hacking group only identified as John Smith said there was no connection.
In response to the story, Facebook executive Guy Rosen told the BBC that the company has “Contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” and “Have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
While this, in no way, is Facebook’s fault and falls more on browser developers like Safari, Firefox and Chrome who didn’t properly vet some of these extensions, it’s not good optics for a company still in the hot seat after the Cambridge Analytica scandal.
The good Lengthy battery life Personalized audio profile Customizable fit with fabric cord Device powers down automatically when not in use The bad No setting to allow more ambient noise Verdict Killer battery life, customizable sound and adjustable fit make these Bluetooth sport buds a must-buy. Fitness-focused Bluetooth earbuds are a dime a dozen, and...
If you can’t log in to your Snapchat account right now, you’re not alone. Some users can’t access their accounts, and by reports on Twitter, it seems that affected users are getting error messages that make it sound like their accounts have been deleted. According to a tweet sent out by Snapchat Support on Friday...