Russian Hacker Selling 1.5M Facebook Accounts

Sir Codelot writes "A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1,000 IDs for users with fewer than 10 friends and $45 per 1,000 IDs for users with more than 10 friends. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users. Quoting: 'VeriSign director of cyber intelligence Rick Howard told the New York Times that it appeared close to 700,000 had already been sold. Kirllos would have earned at least $25,000 from the scam. Howard told the newspaper that it was not apparent whether the accounts and passwords were legitimate, but a Russian underground hacking magazine reported it had tested some of Kirllos' previous samples and managed to get into people's accounts.'"

Koobface

[fineous fingers]

Hmm, maybe 1 out of every 300 Facebook users' computers is infected with Koobface......
http://news.cnet.com/8301-1009_3-20002112-83.html [cnet.com]

Re:Play with fire

[Anonymous Coward]

For those of you who don't know how to leave Facebook... http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

FB has been quite liberal with users' privacy

[blind biker]

...and yet, time after time, FB users ignored the abuse and kept on using the service. I really have little sympathy for such blatant and above all, stubborn disrespect for one's own security. And for what? To have "virtual friends"? To "keep in touch"? Both friends, conversing and socializing are more fulfilling when done in some of the more traditional ways.

Re:Play with fire

[Ron Bennett]

No one forces you to fill in all the information. Just have a page with your name on it if friends and family want you to have one. Just leave blank all the other sections. Then you have no problems with your personal information.

Wrong! This is one of the biggest misconceptions people have. The true value isn't one's profile per se, but who one's "friends" are and the various interactions between them.

Unless your friends are all strangers who know little about you, your personal information is likely more exposed on Facebook than you realize. Often I see instances of a parent, sibling, in-laws, significant other, etc post personal details on one's Facebook wall, gallery, etc that are often visible to others on one's friend list, and even often to friends of friends too.

And that's not even getting into the issue of rogue friends, which can easily sneak in to gather information; among the value of stealing FB IDs ... it's not always about getting passwords, but rather collecting data for other uses, such as, spear-phishing / more targeted attacks - learning one's security questions they have setup on say a banking site.

Ron

Why does Facebook know your Facebook password?

[Animats]

Facebook shouldn't be storing your Facebook passsword, just an hash of it. That's how login systems have worked for thirty years. Doesn't anybody there have a clue about security?

Re:Use good unique passwords

[Anonymous Coward]

To anyone who didn't get the message yet, there are three rules you should follow:

1) Never use the same password in more than one place.

Ridiculous. People have lives. They don't want to spend it keeping track of passwords.

Maybe a bit harsh but...

[friguron]

...probably some people "deserve" the trouble they attract when using computers. Using an easy login/password combination is something it's not my problem. Maybe illiterate people have this problem, but then "what did they expect" of computers and internet usage? They pretend it to be like turning on a bulb. It works, it doesn't work. I would sincerely propose something like "computer usage credentials certificate". Someone is ALWAYS pretending "using computers is something anyone can do" (ha!)

No matter how easily I explain these risks to my acquaintances, they don't really understand the BIG trouble behind it, and they don't change passwords. When they tell me something like "my hotmail has a virus, please help me". I just ignore them, and/or tell them not to enter onto those silly webpages mean't to steal your login password. It's some kind of natural selection. (And Mr. Russian is, "righteously", just rubbing his hands).
I'm starting to be fed of losing my time and my friends'. And the best part is they still are friends with me. (I wouldn't expect less)

Besides, even people like me (for example), who do use "safe" passwords, are in this kind of risk, (lousy webpage programming, plain http login/password negotiation, etc...) but then, having a periodical password change schedule is something NOT SO painful. Besides if your web browser is nice enough (Opera for example), can deal with your passwords wonderfully.
Only you have to keep ALL your passwods inside a encrypted .rar archive (to say something), IN CASE YOU DON'T REMEMBER THEM... Again "not a big pain" (at least for me).

Paranoia with passwords, is something one can learn by conditioning (much like Pavlov's dog), and then you don't realize you're doing these (not so) "boring" routine tasks (like updating your local passwords file, etc...) On the long run, it's really worth its effort.

Greetings

--

Get 250 extra MB Dropbox space using this invitation http://bit.ly/agkF3r [bit.ly]