A BBC investigation has revealed that hackers stole the private messages belonging to over 81,000 Facebook accounts to then sell them for 10 cents per account.
The investigation began when the BBC spotted an ad on a web forum, offering to sell access to Facebook users’ accounts for 10 cents each.
“We sell personal information of Facebook users. Our database includes 120 million accounts,” the posting claimed. An investigation ensued, with cybersecurity firm Digital Shadows discovering over 81,000 accounts posted online as a sample containing private messages.
The firm also discovered that personal details including phone numbers and email addresses from another 176,000 accounts was published but may have been scraped since those accounts had not hidden it.
Much of the users whose details have been compromised were in Ukraine and Russia among others from the United Kingdom, the United States, Brazil and elsewhere.
The data is understood to be obtained through malicious browser extensions.
For its part, Facebook insists its security has not been compromised.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen. “We have also contacted law enforcement and worked with local authorities to remove the website that displayed information from Facebook accounts.