The hackers claimed to have access to 120,000 accounts, but “there are reasons to be skeptical about that figure,” according to BBC’s reporting. BBC spoke to Digital Shadows, a cybersecurity company, which told them such a large breach would likely have been flagged by Facebook. Facebook told BBC it is taking steps to protect other account holders from being hacked. The company said its servers have not been accessed, and malicious web browser extensions are instead to blame.
“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” Facebook exec Guy Rosen told BBC. He also said the company has reached out to law enforcement to work on removing the websites hosting the hackers, one of which appears to be located in St. Petersburg, Russia.
A post from user FBSaler claimed to be selling personal information from Facebook back in September. An examination of the claim by Digital Shadows found that the 81,000 profiles posted online contained private messages. BBC reached out to the owners of five of the profiles and confirmed that the messages were theirs. Another 176,000 accounts also had data leaked.
The areas most affected by this hacking appear to be Russia and Ukraine, but BBC reports that users in the U.S., U.K., Brazil, and elsewhere are also at risk. Examples of leaked data include photos from a vacation, complaints about family members, and an intimate exchange between lovers.
According to BBC, the main culprits are extensions like “personal shopping assistants, bookmarking applications and even mini-puzzle games.” Facebook said it was one such extension that allowed hackers to gain personal information on users.
BBC Russian Service reached out to the hackers, too, posing as a potential buyer. A reply in English from a “John Smith” claimed the hacked accounts were not connected to those involved in the Cambridge Analytica scandal or the breach in mid-September.