Follow us:
  1. Home
  2. News
  3. Cybersecurity News

The Weekly Hack: Security firm discovers that private Facebook messages were offered for sale

A customer claims that Tesla offered little help when his vehicle was hacked and stolen

Photo via Twitter
The private messages that people send each other via Facebook Messenger aren’t so private after all. Different hacking groups were recently caught advertising the contents of  “private” Facebook messages and offering to sell more at the price of 10 cents per account.  One post even claimed to have data on the accounts belonging to 120 million users.

Once again, Facebook executives claim that they already have the issue under control. They say the issue is not the fault of Facebook or any apps it works with, but rather “malicious” browser extensions that surreptitiously track user internet activity.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores," Facebook executive Guy Rosen assured the BBC, without naming the browser-maker responsible.

But it wasn’t Facebook that discovered the breach. Instead, it was reporters at the BBC who initially discovered the advertisements for the private messages. The news outlet then hired a cybersecurity firm to confirm the ads’ veracity. The firm found that a total of 81,000 private messages were posted online as a sample to people interested in buying more.

Messages posted online included “intimate messages” between two lovers, the BBC said.


Tech-savvy car thieves have struck again in the United Kingdom. While keyless Ford Mustangs have typically been the hackers’ car of choice, on October 22, it was a Tesla Model S that disappeared from a driveway in Essex, England.

Owner Anthony Kennedy only purchased the car nine months earlier. Footage captured by surveillance cameras over his driveway show the thieves using a special tablet device to unlock the car, as they have used in the other, similar car thefts.

Kennedy told Motherboard that he contacted Tesla when he realized what had happened -- but the company famous for its seemingly all-knowing capabilities was of no help, he said.

“Tesla can't do anything,” Kennedy told the publication. Representatives told him that the thieves used the car’s passive entry system and then removed the SIM to take the car offline.

In a statement to Business Insider, Tesla responded by touting recent software updates that it has offered to consumers to prevent thefts.

"We have issued several over-the-air updates to help protect our customers from thefts,” the company said. “Last year we introduced an update that allows all customers to turn off passive entry entirely, and this year we introduced PIN to Drive, which allows customers to set a unique PIN that needs to be entered before their vehicle is driven."

But Kennedy questioned why there weren’t other security measures available, such as facial recognition or fingerprinting.  “My phone can do that. Why not an expensive car made by a tech giant?” he asked.

Radisson Hotel Group

Members of the Radisson Hotel Group’s Rewards Program may have seen their participation in the program completely backfire. Customers in the program were recently informed by the hotel of a “security incident" that took place in September that revealed their physical addresses, countries of residence, email addresses, and company names.

Like other corporate hacking targets, Radisson, which owns over 1,400 hotels across the world, claims the incident is already under control.

"Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future," the company said.


People who attended one of the world’s largest electronic music festivals four years ago are getting word only this week that their personal data may have been stolen.

A newspaper in Belgium, where the annual electronic music festival called Tomorrowland is based, is reporting that more than 64,000 people who attended the event 2014 had their names, addresses, emails, ages, addresses, and genders posted on an old server. However, festival organizers have yet to confirm the report.

Take an Identity Theft Quiz

Get matched with an Authorized Partner