Russian Hacker Selling 1.5M Facebook Accounts
Sir Codelot writes "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"
The wonderful thing about his product, though, is that he can keep selling it even after he has sold it.
He doesn't have 1.5 million accounts to sell once, he has 1.5 million accounts to sell over and over and over. He may only be able to get $50k for the lot, but he can sell them all a dozen times. Depending on if they catch him or not, and how effective they are at getting people to change their passwords (the only way to make the accounts worthless), this guy could make half a million dollars or more pretty easily.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
Being from Europe, I was pretty surprised when I came to the US and learned that virtually all* banks use ordinary passwords for online banking. *The ones I know of: Citi, Bank of America, US Bank
Yes, but that would make the accounts worthless pretty quickly. The "value" of the account is that both the buyer and the actual account owner know the password. So it looks like a completely legitimate thing when the buyer (pretending to be the actual account owner) sends messages to the account owner's "friends" asking them to go to certain sites, run certain "cool" programs, etc. The value goes down pretty quickly if the original owner is locked out by a password change and tells all their "friends" that they can't get into Facebook anymore and had to make a new account. It makes any messages coming from that old account pretty suspicious even to the average idiot user.