Hackers Claim They Possess Details of 120 Million Facebook Accounts, Publish Private Messages From 81,000 of Them (bbc.com)

← Back to Stories (view on slashdot.org)

Hackers Claim They Possess Details of 120 Million Facebook Accounts, Publish Private Messages From 81,000 of Them (bbc.com)

Posted by msmash on Friday November 2, 2018 @02:00AM from the rogue-extensions dept.

Andrei Zakharov, reporting for BBC: Hackers appear to have compromised and published private messages from at least 81,000 Facebook users' accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure. Facebook said its security had not been compromised. And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected. The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere. The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline. "We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," said Facebook executive Guy Rosen. "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

37 comments

Min score:

Reason:

Sort:

I believe Facebook by Opportunist · 2018-11-02 02:02 · Score: 5, Funny

They do what they can so no hacker can sell your most intimate details.
That's already their own business model, dammit! Who wouldn't fight competition when possible?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Yet another reason.... by cayenne8 · 2018-11-02 02:07 · Score: 5, Insightful

....NOT to be on Facebook....
Or most other social media.

--
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
1. Re:Yet another reason.... by bill_mcgonigle · 2018-11-02 02:20 · Score: 3, Insightful
  
  It's clearly a reason to not trust them with sensitive data. Tell us the risks of sharing your kids' Halloween pics with Aunt Helen?
  Shades of meaning are essential for accurate risk analysis.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
2. Re:Yet another reason.... by Anonymous Coward · 2018-11-02 02:56 · Score: 0
  
  Just yesterday got a phishing email which include my 000webhost account login details (email+password in clear) that I didn't even access for months.
  As a security and privacy aware nerd, that password is obviously hard to guess and exclusive for the site.
  So even if you don't use social media that doesn't mean you can forgo operational security, not only with login details but with posts, photos or anything YOU upload to the internet.
3. Re:Yet another reason.... by shplopt · 2018-11-02 02:57 · Score: 3, Informative
  
  It's probably not all that dangerous on a micro leve, but in the age of social mapping, personalized psychographics, and cybernetics, data brokers are becoming better and better at quantifying every data point. Metadata is much more valuable to them than any particular personal secret or private thought.
4. Re:Yet another reason.... by Actually,+I+do+RTFA · 2018-11-02 03:04 · Score: 3, Funny
  
  ell us the risks of sharing your kids' Halloween pics with Aunt Helen?
  Well, feeding advertisers pictures of your kids, their favorite characters, and where they live doesn't sound great to me. But then again, I think it's the parent's responsibility to protect their children from assholes in the world. But, whatever, let that be more one more datapoint for the targeted ads that manipulate their little minds.
  
  --
  Your ad here. Ask me how!
5. Re:Yet another reason.... by Anonymous Coward · 2018-11-02 04:39 · Score: 3, Informative
  
  The more information a group has about a person, the better profile they can build on them. The better the portfolio of profiles, the more easily they can manipulate the individuals. This is how advertising works. But these methods are used for more than just trying to sell products, they are also used by political campaigns that try to figure out how to target individuals with ads, article recommendations, and other content that will be more likely to convince the individual to vote for their cause. This was what the whole Cambridge Analytica scandal was about.
  Those profiles could also be used by agitators to figure out how to manipulate people to divide them, instigating more and more toxic interpersonal interactions in a region. Some of those agitators might be the politicians from those regions themselves, while other could be interests from outside those regions.
6. Re:Yet another reason.... by Anonymous Coward · 2018-11-02 05:16 · Score: 1
  
  Yes. They know that you have phoned the abortion clinic, visited the abortion clinic's website, went to the abortion clinic with your car and left a couple hours later, but they don't know if you aborted a pregnancy.
7. Re:Yet another reason.... by cayenne8 · 2018-11-02 05:32 · Score: 1
  
  Tell us the risks of sharing your kids' Halloween pics with Aunt Helen?
  Why would you want to let a myriad of faceless corporations, hackers or anyone other than family and close friends even KNOW you have kids or an Aunt Helen?
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
8. Re:Yet another reason.... by Anonymous Coward · 2018-11-02 06:45 · Score: 0
  
  Why would you want to let myriad faceless corporations...
  FTFY
9. Re:Yet another reason.... by JustAnotherOldGuy · 2018-11-02 10:59 · Score: 2
  
  Tell us the risks of sharing your kids' Halloween pics with Aunt Helen?
  Facial recognition of your kids (possibly), geotagging, aggregating it with other sources to "refine" the specificity of the data, etc etc etc.
  If you don't think your "harmless" publicly-posted data can be misused or weaponized, you haven't been paying attention.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
Thanks, TRUMP by Anonymous Coward · 2018-11-02 02:07 · Score: 0

This all TRUMP fault

msmash
Facebook Statement by forkfail · 2018-11-02 02:07 · Score: 4, Insightful

We are shocked and outraged at this illegal and illicit activity. We at Facebook take protecting the data we collect very seriously. How else are we supposed to get top dollar for selling it to the highest bidder?

--
Check your premises.
Uses by Anonymous Coward · 2018-11-02 02:11 · Score: 0

The hackers are welcome to pictures of museums and my kids at Disney World, and DMs to my cousins about their new house. 'Cause that's about all I use Facebook for.
How to use Facebook:
1. No politics
2. Nothing private
3. No apps or games
4. Don't use single sign on from anything else to Facebook, or from Facebook to any other site
5. Only friend immediate friends and family
1. Re:Uses by phantomflanflinger · 2018-11-02 02:27 · Score: 2, Insightful
  
  Then you might as well not use it. I hear this all the time: "I only use FB for a) and b) and sometimes c), blah blah...." Just close your account then.
  
  There will come a day when having never used social media will be an accolade - and it can't come too soon.
  
  --
  shin phantomflanflinger
2. Re:Uses by Anonymous Coward · 2018-11-02 03:33 · Score: 0
  
  Then you might as well not use it. I hear this all the time: "I only use FB for a) and b) and sometimes c), blah blah...." Just close your account then.
  Sure, but Facebook is pretty good for use cases A-C, but not for use cases D-Z, for my scenarios anyway. If it already works well for what I want to use it for, then why stop using it?
be skeptical ... by Anonymous Coward · 2018-11-02 02:35 · Score: 0

it could be a lot more accounts than that.
BREAK THEM UP by Anonymous Coward · 2018-11-02 02:42 · Score: 0

Meanwhile gab.com which did nothing wrong as a platform is taken down. Bring these criminal corporations to justice. They incite the hatred along with their brothers in the mainstream news. Remember the genocide the Burmese (Myanmar) government accused them of stoking. These companies are the real predators. They are globalist scum
LAWL!! by Anonymous Coward · 2018-11-02 02:56 · Score: 0

The site that's all about oversharing to the world has been breached.
What next, Twitter? LAWL!!!!
You lost me at "hackers appear..." by Anonymous Coward · 2018-11-02 02:59 · Score: 0

No, these are not "hackers". No, you don't know jack shit. That's all the information you have for me. Thank you so much for that. Next!
bah by Anonymous Coward · 2018-11-02 03:07 · Score: 0

Stolen from advertisers. Who cares? Facebook is not private.
Delusional end-users by Anonymous Coward · 2018-11-02 03:11 · Score: 0

Delusional end-users if you think posting private details to a cloudy service will remain secret.
Live by the cloud, die by the cloud.
i got your account messages LOL by Anonymous Coward · 2018-11-02 03:40 · Score: 0

nananananana
1. Re:i got your account messages LOL by Opportunist · 2018-11-02 12:59 · Score: 0
  
  Really?
  Care to share? I didn't even know I have an account.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You're right about it being an illusion by Anonymous Coward · 2018-11-02 03:53 · Score: 0

There is no such thing as private details. Your concept of personal privacy is a construct that is quickly crumbling.
ZIP
Tech companies too easy to hack into by Anonymous Coward · 2018-11-02 05:17 · Score: 0

Why is security still so embarrassing?
1. Re:Tech companies too easy to hack into by UnknownSoldier · 2018-11-02 05:30 · Score: 1
  
  1. Security is viewed as an expense instead of as an investment.
  * It takes 20 years to build a good reputation,
  * It takes 20 seconds to lose it.
  2. Murphy's Computer Law:
  There is never time to do it right, but always time to do it over.
Some help please? by Ol+Olsoc · 2018-11-02 05:32 · Score: 1

I bought a computer off a guy on facebook, it wasn't as advertised, and he ghosted me. Cany y'all hackers help?

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Who's sending by bblb · 2018-11-02 05:35 · Score: 1

Who's sending anything that's actually sensitive or confidential through facebook?? Apart from some nudes that women have sent me, there's nothing in my private messages that I'd care about being published to the public.
1. Re: Who's sending by Anonymous Coward · 2018-11-02 06:05 · Score: 0
  
  Youâ(TM)re right, but this is still an issue: Dear aunt Helen, bblb still canâ(TM)t get it up and theyâ(TM)re behind on rent again. How are you?
  Fbooks classifiers trivial task is figuring out who weâ(TM)re discussing and adding info to that profile. Doesnâ(TM)t matter if itâ(TM)s true-true because itâ(TM)s a relative truth. Itâ(TM)s what your friends think about you.
2. Re: Who's sending by richi · 2018-11-07 05:04 · Score: 1
  
  Great to see /. still hasn't figured out Unicode :-(
I for one by Anonymous Coward · 2018-11-02 06:43 · Score: 0

...would buy a few Russian spy ones for 5 bucks apiece.
This is why my facebook promotes FAKE-NEWS. by Anonymous Coward · 2018-11-02 06:59 · Score: 0

This is why my facebook promotes FAKE-NEWS.
M.A.G.A
compromised or "clicked allow" by Anonymous Coward · 2018-11-02 09:10 · Score: 0

Does FB "security" consider it a breech when users permit an app/page/ad (on FB of course) access to their data?
If not, it would be 100% simple to have both sides be telling the truth. No brainer.
Ask FB a more precise question if you want to find out for sure if this really is true.
Dang by JustAnotherOldGuy · 2018-11-02 10:56 · Score: 1

I don't have a Facedork account, how can I get in on this free dissemination of my data??

--
Just cruising through this digital world at 33 1/3 rpm...
Planting the seeds of future spying revelations by jbn-o · 2018-11-03 06:07 · Score: 1

I concur; it's disappointing that people on a tech site such as /. conflate the intention of the user posting the material with how the posted material can be used later (even within the scope of uses we can identify today which is no doubt just the start). From a technical (as opposed to ethical) perspective, the poster's intention is irrelevant. The parent post is underrated and the grandparent post is overrated.
People in the future might not enjoy knowing that the choices they made today were the basis of learning a bunch of other people's coordinates and directionality/orientation of their bodies, and have a high degree of certainty who that was based on information from what are deemed socially sufficiently accurate inferences. All of that data comes from data shared with naive intention by people who, as the parent poster rightly put it, "haven't been paying attention" and some time with algorithms that essentially make a timeline by putting together analysis of school yearbook photos, Halloween shots, home videos, street footage, "smart TV" or "cell phone" (really, 'tracker' is a more honest name) camera/mic spying, and other sensor data. People today would likely find that kind of tracking creepy but it's possible. Tech people should be teaching the public to value their own privacy and the privacy of their friends and family now. Sometimes this means having the spine to say no to fads like Facebook accounts, installing proprietary software, and recording and/or sharing every moment when one doesn't know the scope of what they're sharing. There's a big difference between sending someone a copy of a digital picture versus showing them a snapshot in person. Innocently sharing such data (even unwittingly) contributes to a society in which a future of pervasive spying is increasingly likely.

--
Digital Citizen