Apparently this browser extension has stolen the private Facebook messages of at least 80k accounts

There is a new report which will make you think twice before installing any extension on the Chrome browser. The report states that the Facebook messages of at least 81 thousand people have been compromised, apparently because those users had installed a particular extension (the name of the extension has not been disclosed at the moment). That extension had an exploit which pulled all the user data from the users' Facebook accounts, along with the user_ID and password combo. According to the sources, the accounts are up for sale at a meagre price of 10 cents.

A sketchy-looking group reached out to a big media company in an attempt to sell Facebook data, claiming to hold around 120 million accounts, a figure that looks stretched well out of proportion. This hack should not be confused with the Cambridge Analytica scandal which came out in late September. According to the sources, the hackers, who are most likely Russian since the big media company they approached was BBC Russia, told the agency that they have the messages of close to 80000 people, the majority of them from Russia, Ukraine, the US, Brazil, China and the United Kingdom.

The VP of product management, Guy Rosen, has come out and said, "Based on our investigation so far, we believe this information was obtained through malicious browser extensions installed off of Facebook".

Rosen continued, "We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related". He continued, "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

He has gone on to say, "We encourage people to check the browser extensions they've installed and remove any that they don't fully trust. As we continue to investigate, we will take action to secure people's accounts as appropriate."

A lot of security firms are helping the media and the public in general to get to the bottom of this matter. Firms like Digital Shadows have come out and helped the media analyze the data, and so came to the understanding that the attackers used the browser exploit. But the CIO of Digital Shadows, Mr Rick Holland, said that he still doesn't know which browser extension was responsible for this hack.

"Browsers like Chrome can be very secure, but browser extensions can introduce serious gaps in their armor. The addition of browser extensions increases what is otherwise a small attack surface. Malicious extensions can be used to intercept and manipulate the data passing through the browser," said Mr Holland.

"Sadly, malicious extensions do make it into official browser stores like the Chrome Web Store," Holland continued, "and the management of browser extensions is a challenge for cybersecurity teams, which makes matters that much worse."

According to Digital Shadows, there seems to be a huge difference between the hackers' claimed 120 million accounts and perhaps just 81k disclosed accounts. Much of the information from the 120 million accounts may simply have been scraped from the publicly visible Facebook profiles of people who have not set restrictive privacy settings. But the stolen private messages do seem legit. The BBC contacted five Facebook users in Russia to confirm with them whether the Facebook messages offered for sale are real.

After some investigation it was found that most of the messages were simple chats about going to a movie, having a birthday party and so on. But as people can expect, there were also some sensitive chats between friends and lovers: things which could be used against people, potentially for blackmail.

Depending on the browser, plug-in extensions are usually able to monitor a user's activity on nearly any web page. This may or may not include keystrokes (depending on whether the extension is of high severity and has a keylogger installed), but extensions are capable of sweeping in anything which is rendered on the page for a user to see, which includes public posts and messages as well as private messages.
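As an added example (not from the original report or from any named extension), this Node.js script checks an extension's manifest.json for the host access that lets it read pages on a given site. The two manifests and every name in them are constructed for illustration.

```javascript
// Added example. Manifests below are constructed, not from a real extension.
// Does a Chrome match pattern such as "*://*.example.com/*" cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/(\*|\*\.[^\/*]+|[^\/*]+)?\//.exec(pattern);
  if (!m || !m[2]) return false;            // malformed, or file:// with no host
  if (m[2] === '*') return true;            // any host
  if (m[2].startsWith('*.')) {              // a domain and all its subdomains
    const base = m[2].slice(2);
    return host === base || host.endsWith('.' + base);
  }
  return host === m[2];
}

// List every manifest entry that lets the extension read pages on `host`.
function auditManifest(manifest, host) {
  const hostPatterns = (list) => (list || []).filter(
    (p) => typeof p === 'string' && (p === '<all_urls>' || p.includes('://')));
  const sources = {
    permissions: hostPatterns(manifest.permissions),            // Manifest V2
    host_permissions: hostPatterns(manifest.host_permissions),  // Manifest V3
    optional_permissions: hostPatterns(manifest.optional_permissions),
  };
  const findings = [];
  for (const [where, patterns] of Object.entries(sources)) {
    patterns.filter((p) => patternCoversHost(p, host))
      .forEach((p) => findings.push(`${where}: ${p}`));
  }
  for (const cs of manifest.content_scripts || []) {
    hostPatterns(cs.matches).filter((p) => patternCoversHost(p, host))
      .forEach((p) => findings.push(`content_scripts [${(cs.js || []).join(', ')}]: ${p}`));
  }
  return findings;
}

const couponToolbar = {   // constructed sample: broad access
  manifest_version: 2, name: 'Constructed Coupon Toolbar',
  permissions: ['tabs', 'storage', '*://*/*'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['inject.js'] }],
};
const shopHelper = {      // constructed sample: access limited to one site
  manifest_version: 3, name: 'Constructed Shop Helper',
  permissions: ['storage'], host_permissions: ['https://shop.example/*'],
  content_scripts: [{ matches: ['https://shop.example/*'], js: ['helper.js'] }],
};
for (const m of [couponToolbar, shopHelper]) {
  console.log(m.name, auditManifest(m, 'www.facebook.com'));
}
```

An empty result means the manifest requests no standing access to that host; any entry listed is a reason to look at what the extension does before trusting it.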

Plug-ins that provide toolbars or insert coupon links for e-commerce are very common. With so many extensions available, it becomes easy, even likely, for a malicious one to get installed. The people behind malicious extensions usually have two options: compromise existing software through insiders or poor developer security, or release their own seemingly benign plug-ins that provide a useful function alongside the snooping. They might also buy extensions from their developers and then update them to include malware.

So it is advised to be careful with plug-ins and to install them at your own risk.
