Rogue browser extension blamed for theft of millions of Facebook private messages
The big picture: The latest security breach involving Facebook may not be the company’s fault. Instead, a rogue third-party browser extension could be the culprit. As always, it’s best to get your extensions from reputable sources to minimize the possibility of installing compromised software.
For thousands – and potentially millions – of Facebook users, correspondence sent in confidence via the social network’s private messages platform has proven to be anything but.
According to the BBC, hackers posting on an Internet forum in September offered to sell access to private messages from Facebook accounts for 10 cents each. The group posted a sample of its purported 120 million account haul online and, according to cybersecurity firm Digital Shadows, more than 81,000 of those shared profiles contained private messages.
It is believed that many of the user details came from Russia- and Ukraine-based Facebook users, although some messages also originated from people in the US, the UK and Brazil, the BBC notes.
The BBC Russian Service reached out to five Russian Facebook users whose data was purportedly involved in the breach, confirming the authenticity of the private messages.
Sample message topics ranged from photos of a vacation and talk about a recent Depeche Mode concert to complaints about a son-in-law and intimate chat between two lovers.
Facebook believes a rogue browser extension is to blame for the theft. “We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook executive Guy Rosen told the BBC.
The social network is also working with local authorities to remove the website where the sample data was posted.