Your stolen Facebook IDs and passwords may have been sold on the dark web for only $3 USD, a new study reveals. According to the researchers, it is very easy to buy a Facebook account on several online platforms. Note that Facebook is not the only social network involved in this black market, the study says. Hackers managed to get hold of a large number of Facebook accounts: according to them, 120 million accounts were compromised. The hackers put them on sale for only 10 cents each. They also posted the private messages of 81,000 accounts.
Was there a new security hole in Facebook? Not exactly. The hackers went through extensions installed on Chrome, Firefox or other browsers to retrieve the usernames and passwords typed by users. These were malicious extensions, as one might suspect, but the users did not know it.
“We have contacted the creators of browsers to ensure that known malicious extensions can no longer be downloaded from their sites,” said Facebook to the BBC. “We also contacted law enforcement and worked with local authorities to remove the website that posted Facebook account information,” added the social network. The website in question is a forum where one of the hackers posted a message offering the accounts for sale.
The accounts are mainly located in Ukraine and Russia. The rest are located in the United States, the United Kingdom, Brazil and elsewhere.
Did the hackers have access to your profile?
Because they could access the accounts as if they were the owners, the hackers could potentially see all the information, with the possibility to edit, publish, comment… Facebook says it does not know precisely what the hackers accessed, or whether they did anything with this information.
According to initial findings, the hackers did not seem to have accessed private messages or posted publications, and neither passwords nor banking information were compromised.
It often happens that hackers resell information on the “dark web”, a hidden part of the internet whose content is not indexed by search engines.
What measures have been taken?
The group said it repaired the fault on the evening of 27 September and warned the FBI, as well as the sector regulator in Ireland, the country where its European headquarters is located.
Starting on the evening of the 27th, the group cautiously reset the access tokens of the 90 million accounts that were definitely or probably affected, which logged those users out and forced them to log back in manually. They also received a message in their news feed. Facebook has suspended the “See as” feature.
What does Facebook risk?
This question is difficult to answer: it revolves around two points and depends on a multitude of laws and regulations. Did Facebook protect its customers' data poorly? Was it too slow to inform them?
In the United States, at the federal level, it is the Federal Trade Commission (FTC) that is responsible for verifying whether companies have poorly protected their customers' personal information against hacking. It can impose fines.
Personal data may also be protected by state-level laws, which are more or less binding. All states now require data breaches to be disclosed. State authorities or individuals can bring legal action to claim damages.
In Europe, since the GDPR came into force in May, the regulation that strengthened the protection of personal data, companies can be fined up to 4% of their global annual turnover if they do not comply with the rules, i.e. $1.6 billion for Facebook. In any case, the group seems to have respected the European deadline of at most 72 hours to make a data breach public.
Facebook hacked: choose a strong password.
Here are some tips. We use passwords so often on the Internet that some users make the mistake of choosing the same one everywhere. This is of course something to avoid, because it only takes one of your accounts being hacked for someone to steal your identity by gaining access to your e-mail, your social networks, etc. Do not use passwords from which the others can be guessed: kiki75, iamkiki99 and KiKi01 are to be banned! In that case it takes less than a second for password-cracking software to find passwords like yours. And most importantly, never use a password that is in the dictionary (or that means something): mix capitals, lowercase letters, numbers and special characters (^ £ – #, etc.). This applies to all your Internet accounts, of course.
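The rules above (no reuse, no dictionary words, no trivial variants such as kiki75 / KiKi01, mixed character classes) can be checked mechanically. The following is an added example written for this page, not code from the article or from Facebook; the small wordlist and the set of "passwords already used elsewhere" are constructed stand-ins, and a real deployment would replace them with a large breached-password list and the user's own password manager data.

```python
import re

# Constructed stand-in for a dictionary / breached-password wordlist (assumption:
# a real check would load a large list such as a published breach corpus).
COMMON_WORDS = {"password", "kiki", "facebook", "sesame", "welcome", "letmein"}

# Constructed example of passwords this user already uses on other accounts
# (assumption: in practice this comes from the user's password manager).
REUSED_PASSWORDS = {"kiki75", "zorglub42"}

# Common "leet" substitutions crackers undo automatically: p@ssw0rd -> password.
LEET_MAP = str.maketrans("0134578@$!", "oleastbasi")


def _cores(pw: str) -> set[str]:
    """Return the letter-only 'cores' of a password, with and without leet undone.

    kiki75 -> {'kiki', 'kikits'}; p@ssw0rd -> {'pssword', 'password'}.
    Digits and symbols are stripped so that numeric suffixes and case changes
    (kiki75, KiKi01) collapse onto the same base word.
    """
    low = pw.lower()
    plain = re.sub(r"[^a-z]", "", low)
    leet = re.sub(r"[^a-z]", "", low.translate(LEET_MAP))
    return {plain, leet}


def password_problems(pw: str, reused=REUSED_PASSWORDS, wordlist=COMMON_WORDS,
                      min_length: int = 12) -> list[str]:
    """List every rule from the article that the candidate password violates.

    An empty list means the password passes all checks.
    """
    problems = []
    if pw in reused:
        problems.append("reused on another account")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    # Anything that is neither alphanumeric nor whitespace counts as a special
    # character, so non-ASCII symbols such as '£' qualify too.
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        problems.append("no special character")

    cores = _cores(pw)
    if cores & wordlist:
        problems.append("built on a dictionary word")
    elif any(cores & _cores(r) for r in reused):
        # Same base word as a password used elsewhere, only digits/case differ.
        problems.append("trivial variant of a password used elsewhere")
    return problems


def is_strong(pw: str) -> bool:
    """True when no rule is violated."""
    return not password_problems(pw)


if __name__ == "__main__":
    for candidate in ("kiki75", "KiKi01", "p@ssw0rd", "ZorGlub#7",
                      "c0rrect-H0rse-Battery!"):
        print(f"{candidate!r}: {password_problems(candidate) or 'OK'}")
```

Reusing the same base word with a different suffix fails the check even when the new spelling (KiKi01) has never been used anywhere, which is exactly the weakness the article describes: cracking tools try those variants first.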