April 17, 2023

According to CybelAngel, over 40,000 Facebook users have been victims of a malicious software campaign that has entered their accounts and stolen both personal and professional data.

The perpetrator of the campaign is a bogus ChatGPT program that has stolen user passwords and bypassed two-factor authentication, allowing hackers to gain access to and control of Facebook accounts.

As a result of the assault, many users have lost access to their accounts and have lost decades of memories. The story has gone viral on TikTok under the hashtag #LilyCollinsHack, with individuals expressing their outrage and shock at having their Facebook accounts hijacked.

The installation of a bogus ChatGPT application, either a Windows software or a Chrome extension, was a common thread among these individuals, according to CybelAngel’s investigation. The Chrome extension in particular purported to be a genuine ChatGPT software, however it was quickly removed from the Chrome store. Many individuals, unfortunately, had already done so.

According to additional investigation, the stolen data dates back to March 2023, with the stolen Facebook accounts accounting for just 1% of the total stolen information. Access to at least 6,000 business accounts and 7,000 VPNs, as well as thousands of user accounts for a variety of services, are among the remaining data.

Cybersecurity experts are urging users to remain vigilant when downloading software or extensions, and to always verify the source of an app or extension before downloading it. They also advise regularly updating passwords and using strong, unique passwords for each account, enabling two-factor authentication wherever possible, being cautious when granting permissions to apps and extensions, and staying informed about the ever-evolving landscape of cyber threats.

The sources for this piece include an article in CybelAngel.