A user called FBSaler is offering personal data for Facebook users at $0.10 each, claiming to have account data from 120,000,000 users to offer; to prove that they have the goods, they've dumped the private messages sent by 81,000 Facebook users; and account data from 176,000.
Facebook says the data wasn't breached from its servers: it blames malicious browser plugins for sucking this data directly out of users' computers.
An independent security firm, Digital Shadows, has verified that the leaked messages and account data are real, though it may be that the account data was scraped from public data posted by Facebook users, rather than breached (whether by hacking Facebook's servers or its users' browsers).
The sample data (which was been taken down) was hosted on a server that appeared to be located in St Petersburg, Russia. The accounts seemed to mostly belong to Russian and Ukrainian users, with a smattering of US, Brazilian, British and other users.
Personal shopping assistants, bookmarking applications and even mini-puzzle games are all on offer from various browsers such as Chrome, Opera and Firefox as third-party extensions.
The little icons sit alongside your URL address bar patiently waiting for you to click on them.
According to Facebook, it was one such extension that quietly monitored victims' activity on the platform and sent personal details and private conversations back to the hackers.
Facebook has not named the extensions it believes were involved but says the leak was not its fault.
Hack Brief: Someone Posted Private Facebook Messages From 81,000 Accounts [Louise Matsakis/Wired]
Private messages from 81,000 hacked Facebook accounts for sale [Andrei Zakharov/BBC Russia]
Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service.
Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a "universal fingerprint" that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors).
A year ago, the Norwegian Consumer Council commissioned a study into kids' smart watches, finding that they were incredibly negligent when it came to security and incredible greedy when it came to surveillance: a deadly combination that meant that these devices were sucking up tons of sensitive data on kids' lives and then leaving it […]
There are two times you never want to just “eyeball” it: Conducting brain surgery and matching shades of paint for your walls. Whether you’re painting or repainting, make sure you’re never just “close enough” to the color you want. Not when the Nix Mini Color Sensor can scan and match any color perfectly. Small enough […]
In photography as in film, all the real artistry is in post-production – increasingly so, with the new possibilities cropping up in digital imaging. If you’re ready to get serious about your photography, may we suggest HDR Projects 2018 Pro. As working photographers can tell you, this imaging software can help you re-imagine even the […]
A picture can be worth a heck of a lot more than just a thousand words. If you’ve squinted for ages trying to get just the right photo, you might have the right passion for a career behind the camera. You might even have the right equipment, but do you have the know-how? The Beginner-To-Expert […]