Up to 120m Facebook accounts are ‘up for sale for EIGHT PENCE each’ online after Russian hackers publish private messages from 81,000 global users
- Private messages from UK, Ukraine, Russia, US, Brazil and elsewhere published
- Hackers were attempting to sell access to the accounts online for 8p per profile
- Examples included intimate messages between a couple and holiday photos sent privately over Facebook Messenger
The hackers were attempting to sell the accounts online for as little as eight pence (10 cents) per profile.
They published private messages from the compromised accounts to encourage people to make the purchase.
Many of the users whose details have been compromised are based in Ukraine and Russia – but some are from the UK, US, Brazil and elsewhere.
Their advert – placed on an English language forum – has since been taken offline.
UK Facebook accounts are among 81,000 profiles up for sale after being hacked by Russian cyber criminals. Cyber criminals are using private messages from the compromised accounts to advertise the profiles.
Examples of the messages published included an intimate chat between two lovers, complaints about a son-in-law, photos of a recent holiday sent privately between two Facebook friends and a chat about a recent Depeche Mode concert.
The perpetrators claim they have details from a total of 120 million accounts, according to the BBC Russian Service.
Facebook said its security had not been compromised and that the data was likely obtained through malicious browser extensions.
The social media giant assured users it had taken steps to prevent further accounts being affected.
‘We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,’ Facebook executive Guy Rosen told the BBC.
‘We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.’
The news comes just weeks after Facebook discovered a massive security breach affecting 50 million user accounts. But the social media giant said it was not to blame in this case.
The data breach was first picked up in September, when a user named FBSaler began advertising ‘personal information of 120 million Facebook users’ on an English-speaking internet forum.
The BBC investigation found that more than 81,000 profiles advertised online contained private messages.
Sensitive information from an additional 176,000 accounts was also published – although some of the information, such as email addresses and phone numbers, could have been taken from users who had not concealed it.
The IP address of one of the websites selling the data was traced back to St Petersburg.
Its IP address has also been used to spread the LokiBot Trojan, which allows attackers to gain access to user passwords.
HOW CAN YOU TELL IF YOUR FACEBOOK ACCOUNT WAS HIT BY HACKERS?
Facebook said it believes 30 million users were affected as a result of the data breach it was hit with in late September.
That’s a marked decrease from its initial estimate of 50 million users.
Along with that update, it said 15 million users out of the 30 million had their names and contact information accessed by hackers. Approximately 14 million had that information stolen, in addition to a myriad of other data, including username, birthdate, gender, and 15 of their most recent searches.
The social media giant has launched a dedicated webpage to check if you’ve been hit by the hack.
Here’s how you can tell if you’ve been hacked:
- Visit the Facebook Help center link after logging into your Facebook account.
- Scroll down to the section with the header: ‘Is my Facebook account impacted by this security issue?’
- Users will be given a ‘Yes’ or ‘No’ answer. Users who weren’t affected don’t need to take any immediate steps.
- Users who were affected will be given a list of the data Facebook believes was accessed by hackers.
- Affected users will be able to discern whether they were part of the 15 million users whose name and contact information was accessed, or the 14 million that had broader information accessed.
- They may also be part of the 1 million users whose access token was stolen, but no personal information was accessed.
- Users should receive a ‘customized message’ in the next few days telling them further preventative measures they can take to protect their account.