![](\"https:\/\/media.wired.com\/photos\/5bdc96becacf35399586ee94\/master\/pass\/fb_hack_browser_extension-FINAL.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Louise Matsakis| Date: Fri, 02 Nov 2018 20:31:45 +0000<\/strong><\/p>\n It\u2019s true: Facebook has<\/em> experienced a number of security-related issues lately, including a breach<\/a> disclosed in September that compromised at least 30 million accounts<\/a>. But that incident doesn\u2019t explain why tens of thousands of private Facebook messages reportedly ended up for sale on an internet forum the same month, according<\/a> to the BBC Russian Service. The culprit likely responsible for the leak, Facebook says, is a pest outside of the social network\u2019s direct control: malicious browser extensions. Google, which has over 60 percent<\/a> of the browser market share, has said<\/a> the number of malicious Chrome extension downloads has decreased significantly over the past several years, but this breach proves malware-packed browser tools remain an issue.<\/p>\n In September, the BBC reports, a user named FBSaler appeared on an English-language internet forum offering to sell personal information belonging to 120 million Facebook accounts for 10 cents each. The BBC didn\u2019t specify on which forum the seller posted their offer, but the web is littered with marketplaces<\/a> where criminals sell stolen personal information, such as credit card numbers.<\/p>\n FBSaler posted a sample of their data on a separate web page, and the BBC had it examined by the cybersecurity firm Digital Shadows. The company found that more than 81,000 of the stolen accounts included private messages. The BBC reached out to five Russian users whose data was included, and they verified the messages\u2019 legitimacy.<\/p>\n Digital Shadows also analyzed data from 176,000 additional sample accounts, which included information like phone numbers and email addresses. It\u2019s possible this data was scraped from Facebook users who had posted it publicly, whereas the other accounts appear to have had truly private messages stolen.<\/p>\n It\u2019s not clear who\u2019s responsible for stealing the Facebook data, but the BBC says one of the websites where the stolen information was posted appears to have been set up in Saint Petersburg, Russia. Facebook says the hackers were able to obtain the info using malicious browser extensions, but the company didn\u2019t provide any specifics.<\/p>\n Many of the users whose information was stolen are based in Ukraine and Russia, though some are from the UK, US, Brazil, and other countries, according to the BBC. The hacker selling the data claimed to have information belonging to 120 million Facebook accounts, or roughly 6 percent of the more than 2 billion<\/a> people who use Facebook each month. They might be bluffing\u2014it\u2019s unlikely that Facebook would have missed a security issue affecting so many users\u2014but there\u2019s no way to know for sure, unless Facebook publicly discloses how many accounts it thinks were impacted. The BBC says that FBSaler\u2019s advertisement for the stolen data has since disappeared.<\/p>\n The good news is that it doesn\u2019t appear Facebook\u2019s platform was compromised in any way. In order to have been affected by this issue, you would have needed to download a malicious browser extension from a place like the Google Chrome store, Firefox Add-ons, or Safari\u2019s Extensions Gallery. It\u2019s not good that Facebook failed to notice that an extension was sucking up user data, but if you\u2019re diligent about downloading plug-ins from trustworthy developers, you shouldn\u2019t be too worried.<\/p>\n \u201cWe have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts,\u201d Guy Rosen, Facebook\u2019s vice president of product, said in a statement.<\/p>\n Rosen added that users should check the browser extensions they\u2019ve installed and delete any they don\u2019t fully trust. This incident is a good reminder that free extensions\u2014like, say, shopping tools or bookmarking shortcuts\u2014may be tempting, but they can sometimes come with a malware surprise. It\u2019s also never a bad idea to check you\u2019re not downloading a copycat: Last year, Google caught three malicious extensions<\/a> masquerading as AdBlock Plus, one of which had been downloaded tens of thousands<\/a> of times before it was removed.<\/p>\n