A browser extension apparently stole private Facebook messages from at least 81,000 accounts



[ad_1]

Mark Zuckerberg, CEO of Facebook, a technology company found guilty of complicity in genocide in Myanmar, still exists for some reason.
Photo: Getty Images

A new report might make you think twice before installing next Chrome extension. Private messages on Facebook of at least 81,000 people would have been stolen, probably because of an exploit in a browser extension, and compromised accounts are now apparently on sale for just $ 0.10 a piece.

The BBC reported that a shady group had reached a group. to try to sell Facebook data on what hackers claim, wrongly, 120 million accounts. This hacking apparently has nothing to do with the latest Facebook data hacking that was widely aired in September. The hackers, who may have been Russian since they contacted the BBC's Russian service, seem to receive Facebook messages from at least 81,000 people, mostly Russians and Ukrainians, but also citizens. American, British and Brazilian, according to the newspaper. BBC.

"Based on our investigation, we believe that this information was obtained via malicious browser extensions installed on Facebook," Guy Rosen, Vice President, Product Management, E-mail, told Gizmodo. .

browser manufacturers to ensure that known malicious extensions are no longer available for download in their store and to share information that may help identify additional extensions that may be badociated, "said Rosen. "We also made contact with law enforcement and worked with local authorities to remove the website posting information from Facebook accounts."

"We encourage users to check out browser extensions that are" 39 they have installed and delete those that they do not use completely. trust. As we investigate, we will take the necessary steps to secure the accounts of individuals. "

Security firm Digital Shadows helped the BBC badyze the data and determined that hackers had used a browser exploit. But Rick Holland, head of information security and vice president of strategy for Digital Shadows, told Gizmodo that they still do not know which browser extension might be responsible.

"Browsers like Chrome can be very secure, but browser extensions. can introduce serious gaps in their armor. The addition of browser extensions increases what is otherwise a small area of ​​attack. "Malicious extensions can be used to intercept and manipulate data pbading through the browser," Holland said.

"Unfortunately, malicious extensions make it an official browser store like the Chrome Web Store," he continued. Browser extensions are a challenge for cyber security teams, further aggravating the situation. "

Why the huge difference between the 120 million accounts of hackers and perhaps only 81,000 accounts, according to Digital Shadows? Much of the information from the 120 million accounts may have been pulled from publicly available Facebook accounts to people who have not set their privacy settings as very restrictive. But stolen private messages look legitimate. The BBC contacted five Russian Facebook users on Facebook and confirmed that the Facebook messages offered for sale were real.

Many messages are relatively benign and include simple discussions about holidays and concerts. But as you can imagine, there are also more delicate discussions, including "an intimate correspondence between two lovers", as described by the BBC. news for the social network plagued by scandal. Between the September data breach (which directly affected some 29 million users), the continuing stream of false information and failure of moderation, and Facebook's complicity in the genocide, it is not surprising that more and more people are deleting Facebook from their phone. But if you have private messages about the service, you can also consider removing them too. They could end up on some websites offered for pennies, provided they have not already been published.

[BBC]

Update, 12:45 pm: Added comment from the Facebook guy Rosen.

[ad_2]
Source link