Private Messages for 81k Hacked Facebook Accounts Being Sold Online


Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.

According to research conducted by the BBC, a seller going by the name “FBSaler” began posting on underground criminal forums about having access to the information of 120 million Facebook users as well as access to the private messages of 81,000 profiles. These accounts are being sold for 10 cents each.

FBSaler first marketed this database on an underground hacking forum called BlackHatWorld, where the seller stated: “We sell personal information of Facebook users. Our database includes 120 million accounts, with the ability to sample by specific countries. The cost of one profile is 10 cents.”

They then provided a link to a site called FBServer where some sample data was posted.

“Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it,” continued the BBC report.

FBSaler Sample Data (Source: BBC)

According to an investigation by Facebook, this information appears to have been harvested through malicious browser extensions.

Malware harvesting Facebook data is common

Trojans and malicious browser extensions that steal Facebook data are nothing new, as BleepingComputer has reported on them in the past.

For example, in September 2017 we wrote about a malicious Chrome extension called Browse-Secure that masqueraded as an extension that allows you to perform encrypted searches. Behind the scenes, though, the extension would connect to Facebook and steal information from a victim’s logged-in account.

Network Requests to Facebook by Browse-Secure Extension

Then in November 2017, we reported on an information-stealing Trojan being installed by adware bundles that would connect to Facebook and steal information. This Trojan is called AdServices and uses Chrome DLL hijacking to load every time the browser is started.

Once started, it would connect to a variety of Facebook URLs and steal information from them.

URLs Harvested by AdServices Trojan

As you can see, malware that harvests information from your Facebook accounts is not uncommon and users must be careful about what programs they install on their computer.

It is strongly suggested that users avoid browser extensions altogether unless they have good ratings and have been installed by many people, as the review process for browser extensions leaves something to be desired.