Messages from 81,000 hacked Facebook accounts reportedly up for sale

The social network suspects that "malicious browser extensions" are to blame.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture, Video Games, Breaking News
Sean Keane
2 min read

More than 81,000 Facebook users' private messages may have been hacked.

Joel Saget / AFP/ Getty Images

Hackers are reportedly offering to sell private messages from at least 81,000 Facebook accounts.

Many of the compromised accounts belong to Facebook users in Ukraine and Russia, but some are from the US, the UK, Brazil and other countries, the BBC reported Friday.

The hackers claim to have details from 120 million accounts. They are offering to sell them at 10 cents per account.

The BBC noted that it's unlikely Facebook would've missed such a huge breach.  However, the BBC did confirm that more than 81,000 accounts published as a sample contained private messages and that five Russian users affirmed that their messages were among them. One of the sites where the data was published seems to have been set up in St. Petersburg, the BBC said.

Watch this: Facebook explains breach that exposed data on 50 million users

The sellers told the BBC that the hacked data wasn't related to the Cambridge Analytica scandal or to the data breach that Facebook reported in September.

After investigating the claims, Facebook said it suspects the account information was gathered by "malicious browser extensions," which can range from online shopping assistants to ad blockers. They're generally available through browser makers' stores and have access to information about people's web activity across online services they use.

"We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related," Guy Rosen, Facebook's vice president of product management, said in an emailed statement.

"We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

Rosen also suggested people check any browsers extensions they've installed and "remove any that they don't fully trust."

The nine types of Facebook ads that Russian trolls paid for

See all photos