Windows News and info 15th Anniversary 2009-2024

Social Media - Search Engines - Browsers => Social Media => Topic started by: javajolt on November 04, 2018, 03:55:53 PM

Title: Private Messages for 81k Hacked Facebook Accounts Being Sold Online
Post by: javajolt on November 04, 2018, 03:55:53 PM
Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.

According to research conducted by the BBC, a seller going by the name "FBSaler" began posting on underground criminal forums about having access to the information of 120 million Facebook users as well as access to the private messages of 81,000 profiles. These accounts are being sold for 10 cents each.

FBSaler first marketed this database on an underground hacking forum called BlackHatWorld where the seller stated that "We sell personal information of Facebook users. Our database includes 120 million accounts, with the ability to sample by specific countries. The cost of one profile is 10 cents."

They then provided a link to a site called FBServer where some sample data was posted.

"Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it," continued the BBC report (http://www.bbc.com/news/technology-46065796).

FBSaler Sample Data (Source: BBC)

According to an investigation by Facebook, this information appears to have been harvested through malicious browser extensions.

Malware harvesting Facebook data is common

Trojans and malicious browser extensions stealing Facebook data are nothing new, as BleepingComputer has reported on them in the past.

For example, in September 2017 we wrote about a malicious Chrome extension called Browse-Secure that masqueraded as an extension that allows you to perform encrypted searches. Behind the scenes, though, the extension would connect to Facebook and steal information from a victim's logged-in account.

Network Requests to Facebook by Browse-Secure Extension

Then in November 2017, we reported on an information-stealing Trojan being installed by Adware bundles that would connect to Facebook and steal information. This Trojan is called AdServices (http://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/) and uses Chrome DLL Hijacking to load every time the browser is started.

Once started, it would connect to a variety of Facebook URLs and steal information from them.

URLs Harvested by AdServices Trojan

As you can see, malware that harvests information from your Facebook accounts is not uncommon and users must be careful about what programs they install on their computer.

It is strongly suggested that users avoid browser extensions altogether unless they have good ratings and have been installed by many people, as the review process for browser extensions leaves something to be desired.

source (http://www.bleepingcomputer.com/news/security/private-messages-for-81k-hacked-facebook-accounts-being-sold-online/)