Crooks offered for sale private messages for 81k Facebook accounts
5.11.2018 securityaffairs

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts claiming of being in possession of data from 120 million accounts.
Crooks are offering for sale Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.

According to the BBC, crooks are offering for sale on underground criminal forums the private messages of 81,000 hacked Facebook accounts.

“The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.” states the BBC.

The BBC Russian Service investigated the alleged data breach along with cybersecurity firm Digital Shadows and determined they are authentic.

Most of the 81,000 Facebook users whose data were offered for sale were from Ukraine and Russia.

FAcebook accounts hacked

The seller, who goes online with the moniker “FBSaler,” claims being in possession of information related to 120 million Facebook users and is offering the access to the private messages for 10 cents per account.

FBSaler advertised the data on an underground hacking forum called BlackHatWorld and provided a link to a site named FBServer where sample data was posted.

“We sell personal information of Facebook users. Our database includes 120 million accounts, with the ability to sample by specific countries. The cost of one profile is 10 cents.” Wrote FBSaler.

“Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it,” continued the BBC report.

Experts from Digital Shadows traced the advertisement to an IP address in Saint Petersburg, they also linked the IP address to a campaign spreading LokiBot password-stealing.

Which is the data source?

Facebook analyzed the data and discovered that information offered by crooks has been harvested through malicious browser extensions.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Malicious browser extensions are a common mean for attackers to obtain the precious information.

In September 2017 a malicious Chrome extension dubbed Browse-Secure that masqueraded as an extension that allows you to perform encrypted searches was used to steal information from Facebook accounts.

Experts suggest avoiding using browser extensions that are installed by a limited number of users or that haven’t good ratings