More than 81,000 Facebook users' private messages may have been hacked. The information was obtained through malicious browser extensions. Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account. Many of the compromised accounts belong to Facebook users in Ukraine and Russia, but some are from the US, the UK, Brazil, and other countries.  

According to research conducted by the BBC, a seller going by the name "FBSaler" began posting on underground criminal forums about having access to the information of 120 million Facebook users as well as access to the private messages of 81,000 profiles. These accounts are being sold for 10 cents each. FBSaler first marketed this database on an underground hacking forum called BlackHatWorld where the seller stated that "We sell personal information of Facebook users. 

Our database includes 120 million accounts, with the ability to sample by specific countries. The cost of one profile is 10 cents."  They then provided a link to a site called FBServer where some sample data was posted.  One of the sites where the data was published seems to have been set up in St. Petersburg, the BBC said.

Data from a further 176,000 accounts were also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it," continued the BBC report. The breach was first discovered in September after one of the hackers advertised the stolen data on a forum. The message details were obtained after users downloaded a malicious browser extension that then scraped the information from their accounts. 

Facebook Blames Malicious Browser Extensions For The Breach

After the discovery, the BBC team contacted Facebook regarding the matter. Facebook officials suspect a malicious browser to exfiltrate users’ data. They confirm that their security was not compromised and that they have contacted the developers. However, they did not name any specific extension. 

According to Guy Rosen told that We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores.” They also confirm that they have involved law enforcement agencies as well to investigate the matter. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.