Hackers have reportedly compromised and published private messages from at least 81,000 Facebook accounts, offering to sell access for $0.10 (£0.08) per account in an advert that has since been taken offline.
Facebook has said that its security has not been compromised and it has taken steps to prevent further accounts from being affected, but the perpetrators have spoken to the BBC Russian Service, claiming that they have details from a total of 120m accounts. However, there are reasons to be sceptical about the figure that they offer, with security experts claiming Facebook is unlikely to have missed a breach of that scale.
The breach first came to light in September, when a post was made on an English-language internet forum by a user called 'FBSaler'. The user offered "personal information of Facebook users", claiming they had access to details for 120m accounts. Cybersecurity firm Digital Shadows examined the claim on behalf of the BBC, and confirmed they more than 81,000 of the profiles posted online as a sample included private messages. Data from a further 176,000 accounts was also made available, although some of it could have been scraped from publicly-availably data.
The users affected are primarily based in Russia and Ukraine, but the data also includes users from the UK, USA, Brazil and elsewhere around the world. The data was likely obtained through the use of malicious browser extensions, disguised as games or online tools.
"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," said Guy Rosen, vice president of product management at Facebook. "We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts."
The stolen details are unrelated to the Cambridge Analytica scandal or the security breach Facebook disclosed in September, but is yet another indicator of the danger that exists in the modern digital world, and the amount of data that Facebook has access to.