Those behind the attack told the BBC Russian Service that they had access to 120 million accounts, although this has been branded “unlikely” by Digital Shadows, whose researchers were called in to investigate.
In fact, the seller, “FBSaler,” provided a total dataset to reporters of around 257,000 profiles.
The largest number of profiles (30%) are Ukrainian, followed by Russia (9%), although users from the US, UK and Brazil are also said to be represented.Just 81,000 are certain to have been compromised, as private messages were included. The remaining 176,000 may have simply had profile information like names, addresses, contact numbers, and interests taken because accounts were left wide open by users.
The accounts are not thought to be linked to the Cambridge Analytica scandal, or the more recent breach of 30 million accounts which occurred after attackers obtained access tokens.