Since the last big drop in Facebook data, it was a little over a month when news came even more unpleasant to the users of the social network. Using a malicious browser extension, cybercriminals may have captured tens of millions of personal data, including private messages, reported by Kaspersky Lab.
The BBC survey said the online forum was offered to sell 120 million Facebook user data by 10 cents for each individual profile. To demonstrate the value of the data, a small part of the databases have been publicly displayed. It contained 257,000 user data, including private messages for approximately one third (81 thousand) of them.
The disclosure claim of the 120 million account may not be confirmed or denied without access to a full version of the database, but according to BBC thinkers who have verified the data, it seems that the filtered portion of the file is real.
Apparently, both leaks are not interconnected. The previous incident is related to the vulnerability of Facebook with the use of centralized data exchange, but in the latter case data is collected using malicious browser extensions that have installed the victims on their computers. This is absolutely something else.
Extensions (also known as add-ons or add-ons) are small programs that are installed in the browser to extend its functionality. Examples are toolbars that modify the browser interface, ad blockers, and the like. These extensions are a problem so they can – and most of them do it as usual – see all the content that the browser displays (and also change it, if so).
This capability makes highly qualified user activity on the Internet for trackers and data collectors. In this case, we are talking about data collected in Facebook pages, but in principle this can steal any information. Bank data, for example, is also not protected. For more information, see "Why should I be wary of browser extensions?"
For now, there is not and maybe it will never be clear what extensions have been used in the last leak of Facebook data. Other data may be stolen; It is not known for now.
Based on this event, Kaspersky Lab experts can now make two general recommendations.
• Be careful with browser extensions and do not install without distinction. Now some sites contain a lot of more valuable information and the extensions have access to it.
• Be careful with private online lists. It can be much less private than you think.