The still-unidentified hackers were asking for $0.10 per account, according to the report. Most of the users included in the samples were from Russia and the Ukraine, but the hackers apparently also were able to breach the accounts of users from the U.S. and the U.K.
The BCC was able to verify the authenticity of some of those messages by contacting users impacted by the hack. At least in one case, the data published included “intimate correspondence between two lovers,” according to the report. The leaked data has since been taken down from the site it had originally been published on.
Facebook told the BBC that its own security hadn’t been compromised. Instead, hackers apparently used a malicious browser extension to access the impacted accounts. It’s unclear how many users were actually impacted by the incident, as security experts doubted the hackers’ claim of having access 120 million accounts.
News of the incident comes just weeks after Facebook revealed that hackers were able to gain access to 30 million accounts through a security vulnerability. The latter is now being blamed on spammers looking for information to target users with their advertising, and there seems to be no connection between the two incidents.