The contents of hacked private messages from at least 81,000 Facebook accounts were being sold online this fall, according to the BBC.
The breach was first discovered in September after one of the hackers advertised the stolen data on a forum. The message details were obtained after users downloaded a malicious browser extension that then scraped the information from their accounts. The hackers then sold access to the information for 10 cents per account. The group told BBC that their “database includes 120 million accounts,” but that number could not be confirmed by outside cybersecurity experts.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC. After being notified of the hack, Facebook reached out to law enforcement to have the stolen information removed from platforms where it was published.
Many of the compromised accounts originated from Russia and Ukraine, but some also belonged to users in the US, UK, and elsewhere. The BBC spoke to several Russian users who had their messages stolen. Users had photos from a Depeche Mode concert and holiday events stolen as part of the hack.
This hasn’t been the only significant hack on the platform in the past few months. In September, Facebook announced that hackers were able to obtain private details from nearly 30 million accounts (originally estimated at 50 million) through a flaw in the platform’s “View As” feature. The hackers have yet to be identified.