Security Blog

Malicious browser extension caused Facebook sensitive information disclosure

Release Date: 03 / 11 / 2018
Last Update: 03 / 11 / 2018

HKCERT is aware a report which stated that there were 257,256 Facebook user profiles compromised, of which 81,208 private messages were leaked.


Security vendor Digital Shadows obtained the leaked data from BBC and performed assessment, and found that 30% of victims being Ukraine and 9% Russia. Some users in UK, US and Brazil were also identified. Attacker claimed 120 million profiles were on hand but it cannot be verified. The compromised profiles are now for sale in 10 cents USD per account.


Facebook denied any system compromise, and suggested that the breach may be caused by malicious browser extensions. The attacker intended to sell the profiles in the underground market, but the information is currently taken down.


At present there is no evidence that Hong Kong users are affected. HKCERT keeps monitoring the situation.


As usual, basic security measures should protect your account:

  • Ensure baseline protection of your computers with anti-virus program or internet security application, and install security update of OS and software.
  • Enable two-factor authentication for Facebook login.
  • Always install software/browser extensions or addons from trusted sources. Malicious browser extensions or addons may also be able to act like malware to infect and leak your device or account information.
  • Be aware of scam and phishing emails. Do not click links or open attachment in any suspicious email.