Hackers have reportedly been found selling private messages from 81,000 hacked Facebook accounts. The attackers allegedly claim to possess the details of a total of 120 million Facebook accounts, which they obtained access to via malicious browser extension.
Most of the affected users are believed to be located in Russia and Ukraine. However, some victims are also from the UK, the US, Brazil and elsewhere, the BBC reported.
"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," said Facebook executive Guy Rosen, BBC reported. "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."
The breach was reportedly first discovered in September 2018, when one of the hackers behind the attack advertised the stolen Facebook account data on an underground forum. The data was obtained by the hackers thanks to a malicious browser extension that scraped user data.
The breach is bad news for Facebook as it once again highlights the social media giant’s security posture. In the wake of the massive Cambridge Analytica breach, Facebook’s security and privacy policies have been extensively scrutinized and challenged. The firm continues to face flak from the US government and global regulators.