In a rather disturbing development, private messages from more than 81,000 hacked Facebook accounts have been spotted online.
The information was posted back in September, and the poster has claimed they have information of some 120 million Facebook users, BBC reported.
Facebook, on the other hand, has blamed the case on a malicious browser extension, noting its security had not been compromised.
Accounts posted as sample for sale
Back in September, BBC's Russian service found an advert on an internet forum, where a user named FBSaler claimed to offer information from 120 million FB accounts.
"We sell personal information of Facebook users," the user wrote. "Our database includes 120 million accounts".
To attract user attention, FBSaler had also posted a massive chunk of accounts with private information - as a sample.
Every account for 10 cents
The hackers sold information from every Facebook account at just 10 US cents. According to BBC, the batch included information of users from Russia, Ukraine, America, Brazil, and other countries.
BBC examined the samples, verified private messages
After spotting the samples, BBC-authorized cybersecurity firm Digital Shadows examined the data and confirmed that more than 81,000 of those profiles had private messages.
Meanwhile, other 176,000 accounts had other personal data such as emails and phone numbers.
To verify the information, the news agency even contacted some of the users whose personal messages had been leaked and checked with them personally.
Importantly, the hack doesn't appear linked to recent Facebook breaches
BBC contacted the advertiser by posing as a potential buyer and asked if this data is from the recent breaches suffered by Facebook.
In response, the hacker denied and claimed his group could provide data from 120 million accounts, including those of nearly 3 million Russians.
Also, the hacker, who called himself 'John', said his group had nothing to do with the Russian state.
So, how they got access to these accounts?
When contacted by BBC, Facebook claimed the information has been stolen by the way of a malicious browser extension.
The social media giant claimed that an extension monitored the activity of Facebook users and sent their private data, including messages, to the hackers.
The company said necessary steps have been taken to prevent further attacks, but the breach was not on its end.
Statement from Facebook executive Guy Rosen
"We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," Facebook's executive Guy Rosen said, noting that law enforcement agencies have also been contacted to take down the website where the personal information was being sold.
Another bad case for Facebook
The details of this hack are pretty shady.
There is no clear evidence to prove that information from as many as 120 million accounts have been stolen.
However, the fact that private messages from at least 81,000 accounts have already been posted online makes another bad case for Facebook.
The company recently suffered a major security breach and this just makes it worse.