It has been a little over a month since Facebook's last serious decline in Facebook when social media users have received even more unpleasant news. Using malicious browser extensions, cybercriminals could capture tens of millions of personal information, including private messages, reported by Kaspersky Lab.
The BBC inquiry says that the online forum offered to sell 120 million Facebook user data for 10 cents for each individual profile. To demonstrate the data value, a small part of the databases was publicly displayed. It contained 257,000 user data, including private messages about one third (81,000) of them.
The alleged disclosure of 120 million accounts can of course not be confirmed or rejected without access to the full database, but according to the BBC thinkers who have checked the data, everything seems to suggest that leaked part of the archive is true.
It seems that both spills are not interrelated. The previous event is related to Facebook's susceptibility to the use of centralized data exchange, but in the latest case, data is collected using malicious browser extensions that the victims have installed on their computers. This is absolutely something else.
Extensions (also known as plugins or add-ons) are small programs installed in the browser to extend their functionality. Examples are toolbars that change the browser interface, ad blockers, and the like. Such extensions are a problem, so they can – and most of them do it as usual – see all the content the browser displays (and also change it if so).
This possibility makes them highly qualified users on the Internet for trackers and data collectors. In this case, we're talking about data collected from Facebook pages, but in principle it can steal any information. Bank details, for example, are also not protected. For more information, see "Why be cautious about browser extensions."
For now, there is no and it will never be clear which extensions have been used in the latest Facebook data leak. Maybe other data has been stolen; It is not known yet.
Based on this event, Kaspersky Lab experts can now formulate two general recommendations.
• Watch out for browser extensions and do not install them without distinction. Now some sites contain many of our most valuable information, and extensions have access to them.
• Watch out for private online auctions. It can be much less private than you think.