Facebook Private Messages Stolen? Hack of 81,000 Accounts for Sale Blamed on 'Malicious Browser Extensions'

Hackers claiming to have access to a trove of Facebook private messages recently offered to sell data for 10 cents per account, the BBC reported Friday.

But mystery surrounded the veracity of the cyber criminals' boast. Facebook denied its security was compromised, yet conceded the data was likely tied to malicious browser extensions.

The hackers, the BBC reported, claimed to have access to 120 million accounts in an advertisement that has since been removed from the web. Cybersecurity company Digital Shadows was able to confirm a sample of approximately 81,000 accounts indeed contained private messages.

In a statement sent to Newsweek, citing executive Guy Rosen, Facebook said, "Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed off of Facebook." The social network did not elaborate on what extension may have been responsible for covertly sending account information to the hackers.

"We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related," the statement attributed to Rosen said.

"We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts," it added. "We encourage people to check the browser extensions they've installed and remove any that they don't fully trust. As we continue to investigate, we will take action to secure people's accounts as appropriate."

Some cybersecurity experts suggest there is reason to doubt the hackers' claims.

"At first glance it looks dubious," explained Ilia Kolochenko, CEO of web company High-Tech Bridge, in a statement via email, adding, "81,000 accounts is a very small amount for Facebook, and I would not be surprised if these accounts come from a large-scale password reuse attack.

"Cybercriminals may use these accounts as a valid proof to impress potential buyers. The web is overcrowded with fake offers of stolen data, and this could be just another case of that."

Links to Russia?

The BBC reached similar conclusions. It reported that some of the allegedly pilfered data could have been scraped from accounts with public settings. Digital Shadows, meanwhile, said it was unlikely Facebook would have missed a compromise on the scale of millions of profiles. Yet at the same time, five Russian Facebook users confirmed the data appeared to be legitimate.

Messages included "intimate correspondence between two lovers," the BBC reported. While links to Russia were unclear, one site hosting data was allegedly set up in St Petersburg.

Facebook has had a tough 2018. It has been at the center of a series of security and political scandals that it has been either unwilling or unable to address to the satisfaction of its users.

One survey, by the Pew Research Center, said that a quarter of Americans have deleted the Facebook app over the past year, and many more have either used the service less or changed their privacy settings.

In March, it emerged that millions of accounts had been harvested by a political profiling company, Cambridge Analytica. In September, Facebook informed users that 50 million accounts had been hit by a security issue. Hackers, it said in a blog, found a way to "take over people's accounts."

Kolochenko said the latest alleged intrusion was unlikely to be the work of nation-state hacking groups like those that gained notoriety during the 2016 U.S. presidential election.

"The public sale of Facebook accounts is probably the very last thing they would do," the cyber expert stated. "Based on the available information, it's also difficult to say whether the recent API vulnerability in Facebook and the alleged breach are somehow related.

"Technical investigation by Facebook should shed some light on it, but for the moment, all Facebook users should probably consider changing their passwords as a precaution."