In a latest breach, private messages from at least 81,000 Facebook accounts were being sold by hackers. According to a report in BBC, the compromised users were based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.
The breach first came into light in September when one of the hackers advertised the stolen data on a forum. The hackers offered to sell access for 10 cents per account.
The group further told BBC that their “database includes 120 million accounts,” however cybersecurity experts have not confirmed the numbers.
Facebook said its security had not been compromised. And the data had probably been obtained through malicious browser extensions.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC. Facebook has also reached out to law enforcement to remove the stolen data published in the platforms.
Facebook has not named the extensions it believes were involved but says the leak was not its fault.
“If malicious extensions were indeed the cause, the browsers' developers might share some responsibility for failing to vet the programs, assuming they were distributed via their marketplaces,” independent cybersecurity experts told BBC.
But the hack is still bad news for Facebook which is trying hard to regain trust of its users from back to back data breaches.
In September, the social media giant admitted that hackers broke into nearly 50 million users' accounts by stealing their "access tokens" or digital keys by exploited a vulnerability in Facebook’s ‘View As’ feature.
Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” the company said in a blog post.
The company has also temporarily turned off the “View As” feature while a thorough security review is under process. Facebook has still yet to determine whether these accounts were misused or any information accessed.
View As is a privacy feature that lets people see what their own profile looks like to someone else.