Hackers have gained access to the private messages of nearly 120 million Facebook accounts and have already published messages from 81,000 of those accounts in an attempt to make money. Several users whose details have been compromised were based in Ukraine and Russia, but some were also from the UK, US, Brazil and elsewhere, the report said on Friday.
“The hackers offered to sell access for 10 cents per account. However, their advert has since been taken offline,” it added.
The breach was first discovered in September and the messages were reportedly obtained through unnamed rogue browser extensions.
Facebook, however, said its systems were not breached as part of the hack.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Guy Rosen, Vice President of Product Management at Facebook, was quoted as saying.
“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”
The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.
“One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode (British rock band) concert and a third included complaints about a son-in-law,” the report said.
In the biggest-ever security breach after the Cambridge Analytica scandal, Facebook in October admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys.
Rosen had said that Facebook fixed the vulnerability and reset the access tokens for a total of 90 million accounts — 50 million that had access tokens stolen and 40 million that were subject to a “View As” look-up in 2017.
Ireland’s Data Protection Commission (DPC), which is Facebook’s lead privacy regulator in Europe, has opened a formal investigation into this data breach that could result in a fine of $1.63 billion.
According to Digital Trends, the latest hack involves the use of browser extensions.
“It is always best to check which source an extension is coming from, and which permissions it is being granted access to,” it said.