Verisign’s iDefense Labs has discovered a website which lists some 1.5 million compromised Facebook accounts “for sale.” The selling price is $25 per 1,000 accounts with ten friends or less, and $45 per 1,000 for those accounts with more than ten friends.

While the accounts themselves do not contain enough personal information to commit outright identity theft, some social engineering could produce enough to possibly compromise more sensitive online services the account holder may use. Another avenue is the spreading of malware through the compromised user’s friend network, researchers said.

The information was found on a forum in Russian, posted by a hacker going by the handle “kirllos.” Based on the most current available number of users provided by Facebook — some 400 million — the accounts comprise about four tenths of a percent of the entire user base.

It may seem like a small number, however Facebook is not able to estimate how many more accounts may be compromised by other hackers, eWeek’s Brian Prince reports. Spokesperson Andrew Noyes did add that the social networking site is continuously monitoring for suspicious activity and taking action where neccessary.

When an account is compromised and detected by Facebook, the user’s account is suspended. That user must then take steps to confirm the account is secure, including changing the password.

Users should always be wary of adding friends who they do not know directly, and ensure that their privacy settings are set so that personal information is protected. I’ve already found this out the hard way, and have taken steps myself to prevent the possible misuse of my personal information.

I guess the best advice is to just double check that you haven’t let anything slip through the cracks, and stay away from the shady stuff on Facebook!

 
2 Comments


Read more: Facebook, hacking