Hackers Are Selling Facebook Credentials on the Dark Web For $3

Hackers are selling Facebook logins for just $3 on the dark web, according to new research. From a report: The study by Money Guru found that Facebook logins can be bought for as little as 2.30 Pound ($3), with the report coming just hours after it was revealed that an enormous data breach has left at least 50 million Facebook accounts compromised. The research also found that hacked email logins are also being flogged on dark web marketplaces, which are easily accessible to anyone with the right browser and web addresses. Even financial data is being sold cheaply, with credit card information available for as little as $14 and debit card information for $19.50. The research was looking into the availability of logins for sale for the 26 most commonly used online accounts.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cribb]

Sales Tax. Woudn't want to be on the wrong side of law now, would you?

Re:

[alex67500]

Especially on the DarkWeb!!!!

Re:

[cascadingstylesheet]

Especially on the DarkWeb!!!!

Sounds like a cartoon supervillian.

Or "complex" hero ...

There's a Good Reason it's Cheap

[natetheokay]

Converting stolen credentials into actual money is hard. Since banks can repudiate and reverse password-enabled transfers you have to have a mule to be left holding the (empty) bag when the bank reverses the transfer. Microsoft had an interesting whitepaper on the topic a few years back: https://www.microsoft.com/en-u... [microsoft.com]

Re:

[misnohmer]

And yet, when I had an insurance company continue to do direct withdrawals from my account without my authorization after I cancelled my insurance policy, my bank told me their responsibility is to tell me who took the money, not to refund it. It was my responsibility to chase after the insurance company. I tried blocking the payments, so the insurance company changed the amount by a penny and it went through again. Bank explained that I have to know the exact amount or they can't block it. I later found ou

Okay, I'll ask the stupid question

[Anonymous Coward]

Since I'm not on Facebook, I have no idea what the heck anyone would really do with a stolen login to the place. Why is a Facebook login worth anything at all? After they log in, then... what?

Re:

[Luthair]

I imagine you could use it for fishing attacks, users are probably a lot more likely to click on a link their friend sent them.

Also don't forget that the Facebook is also used as a SSO for many sites, so an attacker could use that to access information stored on those sites, or just to spam random sites.

Re: Okay, I'll ask the stupid question

[LordWabbit2]

Because a LOT of people use Facebook authentication for OTHER websites, if one of them happens to be an e-commerce site you can then use their saved credit card details to buy stuffs, or stalk them etc.

Re:

[CaptainDork]

You'd be surprised how many people conveniently log in to other sites using their Facebook account.

Re:

[infolation]

what the heck anyone would really do with a stolen login to the place

They can try to log in with the wrong IP address, device profile or browser fingerprint for the account, and then be put through a few hours of the game 'do you recognise these dark, grainy, blurry pictures of your friends?'

Alternatively they could fail the 2FA SMS check.

wow!

[Anonymous Coward]

Where can I sell my own account myself? I'd honestly rather have 10 chicken mcnuggets than a facebook account anyway.

Re:

[Oswald McWeany]

Where can I sell my own account myself? I'd honestly rather have 10 chicken mcnuggets than a facebook account anyway.

This. I will create a facebook account if I can sell it. So far I've not seen any point in making a facebook account- but I will if people pay me for them.

I will pass on the Chicken McNuggets though, I don't like McDonalds.

Re:

[Gr8Apes]

I'm pretty sure I can create an account per minute, so this might be more profitable than flipping burgers!

I can make new ones in two minutes

[Anonymous Coward]

So that's what, $90 an hour? brb.

At last, now I'll be able to login

[clovis]

I setup a Facebook account over 10 years ago using a throw-away email account and a phony birthdate. The only real info was my actual name.
I forgot my password, and Facebook is no help.
How do I contact these dark web people to get my password? For only $3, it's a bargain.

Re:

[Anonymous Coward]

also, try to get the login credentials of your wife. You'd be surprised that your neighbors gardener and your driver is sleeping with her.

Re:

[Gr8Apes]

You are not alone. Maybe I should try to login sometime? I have no idea what any of the credentials were though, and the data was all false anyways.

Two dollars

[CrimsonAvenger]

I'll sell MY Facebook Credentials for just two dollars.

Of course, you'll have to wait on delivery till I start a Facebook account....

What a ripoff

[magarity]

Facebook lets you make your own account for free.

Re:

[misnohmer]

It's not necessarily your facebook account they want. Majority of people use the same (or similar enough to guess via automated mutation) password on facebook as they do on their other accounts - bank, ebay, paypal - all accounts which can be monetized faster than a facebook account. If your email password is compromised, most sites passwords can be reset via your email to gain access.

Get a life

[Anonymous Coward]

The research was looking into the availability of logins for sale for the 26 most commonly used online accounts.

If your Facebook account is one of the 26 most active in the world, could I humbly suggest stepping away from the keyboard.