The hackers told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell.
Unlike the September hack though, this time Facebook isn't really to be blamed.
It is believed that numerous user details came from Russian Federation and Ukraine-based Facebook users although some messages also originated from people in the United States, the UK and Brazil, the BBC notes.
After investigating the claims, Facebook said it suspects the account information was gathered by "malicious browser extensions", which can range from online shopping assistants to ad blockers. Rosen said the social network had notified law enforcement, had the website hosting the Facebook account data had been taken down.
Rosen also suggested people check any browsers extensions they've installed and "remove any that they don't fully trust".
The still-unidentified hackers were asking for $0.10 per account, according to the report.
Red Sox ride unlikely MVP to World Series title for the ages
Security was tight along the route, which took the team past the site of the deadly 2013 Boston Marathon bombings. Countless Boston-area youths skipped class to take in the parade. "I'm focused on winning today".
Security firm Digital Shadows helped BBC analyse the data and came to the determination that the attackers used a browser exploit. Behind the scenes, though, the extension would connect to Facebook and steal information from a victim's logged in account.
Personal shopping assistants, bookmarking applications and even mini-puzzle games are all on offer from various browsers such as Chrome, Opera and Firefox as third-party extensions.
Without naming the extensions, Facebook explains that these malicious extensions quietly monitored users' activity, and sent data back to the hackers, without the users' knowledge. "Our database includes 120 million accounts".
Thousands of private Facebook messages were recently compromised.
The BBC reached out to five Russian Facebook users whose private messages had been stolen; each confirmed it belonged to them, with conversation topics ranging from a recent holiday, concerts, and complaints about a son-in-law.
Numerous messages are relatively benign and include simple chats about going on vacation and attending concerts.