More than Over 81,000 Facebook accounts in the Ukraine, Russia, United Kingdom, United States, and Brazil have been compromised, with their private messages published and possibly sold.
An advertisement appeared on an English-language forum in September, offering to “sell personal information of Facebook users” for 10 cents per account, according to the BBC. It has since been taken down.
The hackers told the BBC that 120 million users, 2.7 million of which were Russian, had had their accounts hacked. This seems unlikely, however, as Facebook would have noticed such a substantial breach, according to cyber-security company Digital Shadows, which has been working with the BBC.
The BBC reached out to five Russian Facebook users whose private messages had been stolen; each confirmed it belonged to them, with conversation topics ranging from a recent holiday, concerts, and complaints about a son-in-law.
Digital Shadows also confirmed that data from a further 176,000 accounts was accessible although apparently some of that information, which included email addresses and phone numbers, could have been scraped from members that had not hidden it on their profile.
The BBC also emailed the hackers, pretending to be interested in purchasing 2 million account details. When asked whether this was related to the Cambridge Analytica scandal, or whether the leaks were linked to the Kremlin, the hacker(s) said no.
Facebook says the data was likely gathered using malicious browser extensions.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen said. “We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
Rosen already has his hands full with a confirmed breach of approximately 30 million Facebook accounts.