Saturday, June 14, 2025
HomeCyber AttackHackers are Selling Private Messages From at least 81,000 Facebook Users' Accounts

Hackers are Selling Private Messages From at least 81,000 Facebook Users’ Accounts

Published on

SIEM as a Service

Follow Us on Google News

Hackers appear to have private messages of 81,000 Facebook compromised accounts reportedly stolen through rouge browser extension that monitors the conversations and send’s the data back to hackers.

According to BBC Russian Service, the hackers appear to have 120 million users accounts personal details and private conversations.

Hackers offering the data for less than 10 cents (8p) per account, most of the compromised user accounts based in Ukraine and Russia and few accounts from UK, US, Brazil and elsewhere.

- Advertisement - Google News

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

Digital Shadow examined the compromised data that the sample data posted contains the private messages of 81,000 Facebook users.

“Data from a further 176,000 accounts was also made available, although some of the information including the email addresses and phone numbers, could have been scraped from members who had not hidden it,” reads BBC blog post.

BBC Russian service emailed to the advertised email address alongside the hacked details and posing as buyer interest.

The advertiser of the data confirmed the data was not associated with Cambridge Analytica scandal or the subsequent security breach revealed in September.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts,” Rosen said.

Last October Facebook said that hackers accessed 29 million Facebook users data by the recent data breach and stolen users personal details such as Email and phone number and other data what compromised user had in their accounts.

Following to that hackers advertised stolen Facebook credentials between $3 and $12 and it can be purchased only through the bitcoin and bitcoin cash.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...