Slashdot Mirror


Russian Hacker Selling 1.5M Facebook Accounts

Sir Codelot writes "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

7 of 193 comments

  1. Translation by eldavojohn · · Score: 5, Insightful

    Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.

    Translation: it might not be a bad time to change your password if you use Facebook.

    --
    My work here is dung.
    1. Re:Translation by Bergs007 · · Score: 5, Insightful

      Actually... what this means is that you should change your banking passwords. It appears that what they are trying to do is use Facebook login credentials to go and see if there are any associated bank accounts with the same login information.

    2. Re:Translation by pitchpipe · · Score: 4, Insightful

      Translation: it might not be a bad time to change your password if you use Facebook.

      Actually... what this means is that you should change your banking passwords.

      Actually... what this means is that you shouldn't use the same password for more than one site. You should use an app that is encrypted and password protected to store all of your login info.

      --
      Look where all this talking got us, baby.
    3. Re:Translation by The Snowman · · Score: 4, Insightful

      Actually... what this means is that you shouldn't use the same password for more than one site. You should use an app that is encrypted and password protected to store all of your login info.

      Suggestions?

      Password Safe.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. Great PoE by BountyX · · Score: 4, Insightful

    I'm surprised they are not worth more since they represent a great point of entry for social attacks. Think personalized spam (i.e. "Hey John, I think Laura wanted you to buy this for the concert you are attending next week"), targeted dictionaries, localized phishing (i.e. location data deploys phishing to compromised machines near you). Once you break a single friend in the "network" you gain additional information to everyone in that scope, so the return on entry is very promising. An attacker can begin profiling ideal targets in the guise of friends. Ah, so many possibilities. Such a gold mine.

    --
    Trying to install linux on my microwave, but keep getting a kernel panic...
  3. Play with fire by Becausegodhasmademe · · Score: 5, Insightful

    According to the Facebook statistics page the average account has 130 friends. If 1 in 300 accounts are compromised and you have circa 130 friends then the odds are quite high that the personal data you have "only available to friends" is going to become available to some fairly unfriendly people shortly.

    Reminds me of the ever-true saying 'play with fire and you'll get burnt'. I have always been mindful of the threat FB poses to my privacy and have completely closed down my account several times, but keep giving in and going back due to peer pressure from family & friends. This time I'm killing it off for sure. No organization, be it governmental or corporate, should have control over so much of an individual's personal data.

  4. Re:FB has been quite liberal with users' privacy by Anonymous Coward · · Score: 4, Insightful

    You know, I really despise these "High and mighty" posts about how all FB users are irresponsible idiots. There are a number of great uses for Facebook, and many of us actually PREFER to be contacted via Facebook by our friends, rather than the endless deluge of phone calls and text messages. If you're having a get-together, I'd much rather you invite me on FB than tell me in person, because chances are, I'm going to forget. And I don't really see the point of the privacy crap either. I only put information on a social site that I'm comfortable sharing socially. I don't get it.