Facebook private messages stolen: Am I one of 81,000 victims?

Facebook Messenger seems to have been the victim of a multi-tiered attempt by hackers to extract private messages from victims. The information was collected over the course of months – likely near the beginning of the year 2018. Not much is known about the contents of the messages at this time, but it does appear likely that the entire cache of messages from Facebook Messenger users is real.

Did Facebook get hacked again?

Sort of, but not really. Facebook itself was not breached, but the browsers through which users access Facebook were compromised. Through the use of malicious browser extensions, millions of Facebook users' private messages were monitored and saved by unfriendly agents. If you use any sort of web browser extension, you might be part of this group.

Information on this set of happenings was largely collected by the BBC and the cyber-security company Digital Shadows, on behalf of the BBC. They investigated a user or group of users going by the name "FBSaler" who suggested they had some private information for sale. "We sell personal information of Facebook users. Our database includes 120 million accounts," said the user.

Security experts have been able to confirm at least 81,000 accounts thus far. Confirmations include real usernames attached to real Facebook Messenger messages meant to be private.

UPDATE: It was apparently the seller or sellers of the information on Facebook users that spoke directly with the BBC. It was they who suggested that the information was not part of the 87-million-user breach of information via Cambridge Analytica from late March, early April 2018. They also suggest that their info is not part of the September 50-million-user breach of information, either.

Am I affected by this Facebook Messenger breach?

In a statement sent to CNET, Facebook's Guy Rosen, VP of product management, suggested that "malicious browser extensions" were to blame. "We have contacted browser makers to ensure that known malicious extensions are no longer available to download in their stores and to share information that could help identify additional extensions that may be related," said Rosen. "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."

Again, to be clear, Facebook itself wasn't exactly compromised, but the fact that people can monitor Facebook through your browser should probably grab your attention. Whether or not you're using Facebook, browser extensions can compromise your private internet use in a variety of ways.

There is no current tool with which to check if your information was affected in this particular breach. If you want to check if you've been compromised in any other way over the past decade or so, you can do so with your email account (just the email, not your password, etc) over at Have I Been Pwned? Chances are you've been pwned. That doesn't mean your information is all out in the public, but if you're on any list, you might want to consider changing every one of your online passwords.

What should if I'm worried about this Facebook hack?

Over the past decade, most web browsers opened themselves up to web extensions. Browser extensions are like little software accessories for the web browser app. Browser extensions can be simple and harmless – they might just allow you to change every instance of a swear word with a word that's slightly less offensive to your sensibilities.

The extension or extensions that did the deed here might've done so through Chrome, Opera, or Firefox. It's slightly less likely that Safari was used, given the amount of steps a person would need to go through to make it happen, but anything is possible. Extensions for Chrome, Opera, or Firefox could have looked and acted in a completely innocent way. The user might never know they're being monitored. They might still be being monitored right now.

This DOES all seem to have happened through desktop user interfaces. If you've got a desktop machine (laptop, maybe even tablet) and any number of browser extensions installed, now's the time to check what's active. You can do this in Chrome like so:

Menu (three dots to the right of your URL bar -> More Tools -> Extensions. Take out any extensions of which you aren't 100% sure. Take out any extensions you don't recognize. Or just play it safe and take out all browser extensions altogether. And never download another extension ever, ever again.