Facebook Hackers Offer Up Your Information For A Measly $.10

Poor, poor Facebook. It’s a fun social media tool, but lately it seems everyone is just out to get it. In the most recent story, hackers announced they had found a way through Facebook’s security defenses and pulled private messages from 120 million user accounts and is putting it up for sale at $.10 a pop. Separately, experts at the cyber security company Digital Shadows said that more than likely, the users of around 81,000 accounts had their privacy breached. Precise numbers and claims, aside, the kicker isn’t the lack of Facebook security. Those hackers got the information from malicious browser extensions.

We’ve mentioned the risk of using browser extensions several times. They can be fun little tools and often very useful. However, they are also dangerous and this is another instance making that case. If you don’t need them, don’t use them…and most of the time, you really don’t need them.

It isn’t being disclosed what the specific browser extensions are to blame here, if it or they are even known, but a spokesperson for Facebook said they contacted browser makers to ensure that known malicious extensions are removed from their stores. But that doesn’t mean these or others won’t show up again. Make sure that if you are going to use extensions, regardless of whether it’s for Chrome, Firefox, Edge, or any others that you do the due diligence necessary to make sure, to your most confident level that they are not going to collect information and send it away without your consent.

Extensions can do a lot of stuff. They can monitor user activity on any web page and send it away for marketing purposes, they can act as personal shopping assistants, can be games or puzzles, or can allow you to change the layout of a website to whatever tickles your fancy. But these and others can open up holes and allow hackers to capture information as well and sell it to the highest bidder, which is the case with this Facebook incident.

Also use caution about what information you put into Facebook or any social media or networking website. That information can be used against you in targeted phishing scams. The more the public knows about you (and if it’s on the Internet, it should be deemed available to anyone), the more likely you will click a link in an email message. But if you’re not expecting one, don’t click on it, no matter who sends it.

Stickley on Security
Published November 7, 2018