Access to some 81,000 hacked Facebook accounts have been found for sale on the darknet, the shady part of the internet reachable with special software, at a surprisingly low price.

The sale of the accounts, first reported by the BBC Russian Service Friday, primarily included accounts from Ukraine and Russia, although a small number were accounts from the U.K., the U.S. and Brazil.

The seller, which went by the name of “FBSaler,” claimed that it sells “personal information of Facebook users” and that its “database includes 120 million accounts, with the ability to sample by specific countries.”

Remarkably, the cost of access to one profile was quoted at only 10 cents.

“Data from a further 176,000 accounts was also made available, although some of the information — including email addresses and phone numbers — could have been scraped from members who had not hidden it,” the report added.

Facebook has blamed malicious browser extensions for the theft of account details.

Ruchika Mishra, director of products and solutions at Balbix Inc. told SiliconANGLE over the weekend that “a data breach exposing messages on Facebook is exactly the sort that makes people pay attention.

“Hacked accounts are in abundance, but it only really starts to catch the attention of the masses when their money and reputation are in jeopardy,” she said. “Any enterprise handling the data of users – 2.2 billion active monthly users in Facebook’s case – needs to ensure they are being proactive about securing customer data by monitoring and addressing security vulnerabilities. Facebook’s users also need to take charge of their own data security and privacy by being vigilant when installing browser extensions and being wary of clicking on dubious links.”

Mishra said it will be telling whether this breach “will open the eyes of users to the impending harm that comes when you are not keeping a careful watch for possible online dangers.”

Noting that Facebook has blamed malicious browser extensions, Rich Campagna, chief marketing officer at Bitglass Inc., argued that while such extensions “highlight the harsh reality that an unknown vulnerability can pose a major threat to data security and brand reputation,” it’s also the responsibility of companies to ensure appropriate configurations, deny unauthorized access and protect sensitive data.

“In addition to losing login credentials, this hack likely exposed a plethora of sensitive personal information,” Campagna added. “This, when added to the growing list of cybersecurity lapses at the social media giant, could significantly harm consumer trust in the company.”

Image: Pixabay