Hackers Sell Stolen Facebook Messenger Messages

John Lister's picture

Facebook messages are being sold online for the equivalent of 10 cents per user. It comes as the company unveils an "unsend" feature for messages sent in haste.

The message for sale follows a breach of Facebook last year when hackers were able to take advantage of a security flaw to gain access to 50 million accounts. Ironically the hack took advantage of a 'View As' feature that's meant to protect privacy by allowing users check which parts of their account and data are publicly viewable.

81,000 Users Hit By Message Leak

The offer on a hacker forum claims to include details of some kind from 120 million accounts, which is a suspiciously high figure. However it also includes private messages sent and received by 81,000 users. Most are in Russia, but the haul includes users in the US, Brazil and UK among other countries.

The BBC has contacted five of the affected accounts, who in turn have confirmed the stolen messages offered for sale are in fact genuine. BBC then contacted the would-be seller who understandably gave little detail. 'He' did say the hack was not the work of an Internet Research Agency, which is the group linked to the Russian government that is thought to be behind attempts to disrupt political debate through misleading and bogus online posts. (Source: bbc.co.uk)

10 Minutes To Change Your Mind

There is some good news for Facebook's Messenger users, however. The release notes for the iOS Messenger app show that users will soon be able to 'unsend' messages.

The notes say: "Coming soon: Remove a message from a chat thread after it's been sent. If you accidentally send the wrong photo, incorrect information, or message the wrong thread, you can easily correct it by removing the message within ten minutes of sending it." (Source: theverge.com)

It's not yet clear if the delete option will always have the full ten minute window, or if it will only be available up to the point at which the recipient reads it.

Some email services have a similar 'unsend' feature, though these usually involve delaying the sending of the message to give the writer a short buffer to change their mind, rather than actually retrieving the message once it's sent.

What's Your Opinion?

Do you trust social network and other messaging services to keep your messages confidential? Are you surprised at the 10 cents per account asking price? Have you ever sent a message and wished you could 'unsend' it before it was read?

Rate this article: 
Average: 5 (6 votes)


dan400man's picture

I am bewildered. Does anyone actually send messages that include sensitive personal information, such as social security numbers, passwords, bank account numbers, etc.?

I do not trust *any* social media, messenger/chat, email, etc. apps to be secure. SMS messaging is unsecure, and any claims to the contrary cannot be trusted.