Facebook messages have been stolen and published by hackers

The hackers tried to convince potential buyers – and the BBC's Russian service – that they had hacked Facebook's security and extracted private messages of 120 million accounts. However, according to an external expert quoted by the BBC, it appears that at least 81,000 Facebook accounts have been victims of an invasion of privacy. And according to Facebook, the violation is due to browser extensions containing malware.

"We have contacted the browser makers to ensure that known malicious extensions are no longer available for download in their stores and to share information that may help identify additional extensions that may be associated", said Guy Rosen, vice president of Facebook's product manager, in a statement. declaration.

Hackers originally published in September an offer of personal information on 120 million Facebook accounts on an English-speaking forum. This included a sample of data that an expert had reviewed by the BBC, confirming that more than 81,000 private messages of profiles were included. Additional data could have been extracted from public Facebook pages on 176,000 additional accounts.

Facebook's Rosen said his security was not compromised and urged users to remove any plug-ins they do not fully trust. Rosen said the social network had informed law enforcement that the website hosting the Facebook account data had been removed.

Depending on the browser, plug-in extensions can be used to monitor a user's activity on any web page. This usually does not include keystrokes, but extensions can scan everything that is rendered on a page in a user's view, such as public and private messages.

Plug-ins providing toolbars or links inserted into ecommerce coupons are common. However, with so many extensions available, malicious parties have many options: compromising existing software through insiders or poor security of developers; release their own seemingly benign plug-ins that provide a useful function alongside spying; or buy extensions from developers, then update them to include malware.

So, install at your own risk.