As per a damning BBC report, private Facebook messages of almost 81,000 users are being sold on the internet for as low as $0.10 (Rs 7 approximately). To steal the information, the well-known method of malicious desktop browser extension was used.
Before the advertisement was removed, hackers attempted to sell access to the data for as little as 10 cents per account, according to the BBC.
A new report from the BBC claim that Facebook Messenger has been hacked, with conversations associated with over 81,000 accounts stolen. The latter could simply have been gathered via a lack of privacy settings, but this has yet to be confirmed.
It is believed that numerous user details came from Russian Federation and Ukraine-based Facebook users although some messages also originated from people in the United States, the UK and Brazil, the BBC notes. All of the messages breached were of a personal nature, from the tame subject of dicussing a music concert to the more explicit.
Now playing: Watch this: Facebook explains breach that exposed data on 50 million.
"The breach as first discovered in September when a user going by the name FBSaler posted this on the social media: " We sell personal information of Facebook users.
Guy Rosen, Facebook's VP Product Management, said the company has contacted browser makers to ensure the infected extensions are no longer offered for download in their stores.
The BBC Russian service contacted five Russian users affected by the hack, and confirmed the messages were theirs.
"Data from a further 176,000 accounts was also made available, although some of the information - including email addresses and phone numbers - could have been scraped from members who had not hidden it", continued the BBC report.
Facebook's data breaches and its inability to curb the rise of misinformation on its platform, have put the tech giant under growing public and government scrutiny. The breach forced millions of Facebook's users across the globe to log out of their accounts as the company "reset the access tokens of the nearly 50 million accounts that were affected to protect their security".
The BBC said there was reason to believe the 120 million claim was exaggerated.