1.5 Million Hacked Facebook Accounts for Sale Online

by underthesea

1.5 Million Facebook users were put up for sale at $25 to $45 per account, based on number of Facebook Friends.
 
VeriSign iDefense uncovered a cyber-crook on an electronic fraud forum selling 1.5 million Facebook accounts at a price of $25 per 1,000 accounts with 10 contacts or fewer. Facebook user accounts with more than 10 friends hiked the sale offer to $45 per 1,000 user accounts. Of the 1.5 million Facebook accounts offered for sale, a large number of the accounts included small numbers of Facebook Friends, which suggests the seller may have created fake accounts or used an automated tool, to send out blind 'Friend' requests.
 
Many users, wanting to gain 'Friends', do accept Facebook friend requests from people they literallly do not know despite Facebook's warning to the contrary. The hacker, known as "kirllos" is believed to be from Eastern Europe, possibly Russia.It's not yet known if "kirllos" is linked to the infamous Koobface crew, or any widespread phishing attacks. Criminals steal log-in data for Facebook accounts, typically using “phishing” techniques. Those techniques disclose passwords or with malware that logs keystrokes.
 
Criminals can then use the Facebook accounts to send spam, distribute malicious programs or use identity fraud. Facebook accounts are appealing to criminals because of the higher level of trust on the site, where most users typically use their real names and tend to connect primarily with people they know. Because of the intimacy of the site, Facebook users are more likely to believe a fraudulent message or click on a questionable link on a friend’s wall or an e-mail message.
 
Access to Facebook accounts allow criminals to mine user profiles of victims and their friends, in order to personal information like birth dates, addresses, phone numbers, mothers’ maiden names, pets’ names and other information that can be used in identity theft. "As highlighted by Facebook security personnel themselves, these [hacked] accounts can be used in money transfer schemes similar to Nigerian 419 scams," noted Rick Howard, director of cyber-intelligence at iDefense. "But they can also be used for data mining to support other fraud operations." Facebook isn't offering up specific stats on the number of compromised or malicious accounts it has recently detected or suspended, but Facebook spokesperson Andrew Noyes said "malicious actors are always attacking the site."
 
Compromised users undergo a remediation process to reset their password and take other necessary steps to secure their accounts, he said. "We've built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad. Once we detect a phony message, we delete all instances of it across the [Facebook] site. We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely." People still do not treat Facebook messages with the same level of suspicion they would if they received an e-mail or instant message with a suspicious link, said Andrew Brandt, Webroot Software's lead threat research analyst. "Because there's an inherent and unfounded trust in those messages/wall posts, the recipients are more likely to be convinced to engage in a risky behavior, like clicking a link that leads to a malicious Website," says Brandt. "In the end, a stolen Facebook credential is like a skeleton key to social engineering attacks against every family member, friend or acquaintance of the person whose Facebook account has been compromised. The more friends the user has, the more valuable the credential." Malware can obtain credentials via keylogging or by stealing the data contents of Facebook cookies that store the permissions that permit a user to log back into the service without a password, according to Brandt. "Phishing" pages are another common ploy, where the page takes on the appearance of the official Facebook log-in page, in order to trick users into entering their credentials.