{"id":14568,"date":"2018-11-02T12:31:32","date_gmt":"2018-11-02T16:31:32","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/facebook-leak-browser-extensions\/14568\/"},"modified":"2020-02-26T20:29:32","modified_gmt":"2020-02-26T14:59:32","slug":"facebook-leak-browser-extensions","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/facebook-leak-browser-extensions\/14568\/","title":{"rendered":"New leakage of Facebook user data, including private messages"},"content":{"rendered":"

Little more than a month has passed since the last major Facebook data breach<\/a>, and now there is more unpleasant news for users of the social network. Using malicious browser extensions, cybercriminals are alleged to have harvested the data of tens of millions of people, including private messages.<\/p>\n

What happened?<\/h2>\n

A BBC investigation<\/a> reported that an online forum was offering to sell the personal data of 120 million Facebook users, at 10 cents per individual profile. To prove the value of the data, a small part of the database was made publicly available, consisting of data for 257,000 users, including the private messages of about a third (81,000) of them.<\/p>\n

The claim that 120 million accounts are at risk of exposure cannot, of course, be confirmed or refuted without access to the full version of the database. However, according to the BBC journalists who checked the data, everything appears to suggest that the leaked portion of the archive is real.<\/p>\n

Is this linked to the Facebook leak a month ago?<\/h2>\n

Apparently, the breaches are unrelated. The earlier incident<\/a> involved the use of Facebook vulnerabilities for centralized, \u201cwholesale\u201d data theft. But in the latest case, data was harvested using malicious browser extensions that the victims had installed on their own computers. This is a different ball game altogether.<\/p>\n

Malicious browser extensions? What\u2019s that all about?<\/h2>\n

Extensions (also known as plug-ins or add-ons) are small programs that are installed \u201con top\u201d of the browser, extending its functionality. Examples include toolbars that change the browser interface, ad blockers, and so forth. The problem with these extensions is that they can \u2014 and most of them do, as part of their regular operation \u2014 see all the content that browser is showing you (and change it too, for that matter).<\/p>\n

This ability makes them highly adept at tracking the user\u2019s online movements and collecting various data. The case at hand is about data harvested from Facebook pages. But in principle, any information can be stolen this way. Banking data, for example, is also far from immune<\/a>. See the post \u201cWhy you should be careful with browser extensions<\/a>\u201d for more details.<\/p>\n

It is not yet clear, and may never be, which extensions were used in the latest Facebook data breach. So, other data might have been stolen; we don\u2019t know that yet.<\/p>\n

At present, we can make two general recommendations based on this story:<\/p>\n