Verisign: 1.5 Million Facebook Accounts Up for Sale

By  |  Friday, April 23, 2010 at 6:15 am

Verisign’s iDefense Labs has discovered a website which lists some 1.5 million compromised Facebook accounts “for sale.” The selling price is $25 per 1,000 accounts with ten friends or less, and $45 per 1,000 for those accounts with more than ten friends.

While the accounts themselves do not contain enough personal information to commit outright identity theft, some social engineering could produce enough to possibly compromise more sensitive online services the account holder may use. Another avenue is the spreading of malware through the compromised user’s friend network, researchers said.

The information was found on a forum in Russian, posted by a hacker going by the handle “kirllos.” Based on the most current available number of users provided by Facebook — some 400 million — the accounts comprise about four tenths of a percent of the entire user base.

It may seem like a small number, however Facebook is not able to estimate how many more accounts may be compromised by other hackers, eWeek’s Brian Prince reports. Spokesperson Andrew Noyes did add that the social networking site is continuously monitoring for suspicious activity and taking action where neccessary.

When an account is compromised and detected by Facebook, the user’s account is suspended. That user must then take steps to confirm the account is secure, including changing the password.

Users should always be wary of adding friends who they do not know directly, and ensure that their privacy settings are set so that personal information is protected. I’ve already found this out the hard way, and have taken steps myself to prevent the possible misuse of my personal information.

I guess the best advice is to just double check that you haven’t let anything slip through the cracks, and stay away from the shady stuff on Facebook!



2 Comments For This Post

  1. Baldguy Says:

    “I” sent oput some iPod spam crap to my friends list. As soon as it happened, I changed my password to something ridiculously obscure. If it happens again, I’m outa there.

    Ironically, I tried to send an explanatory message to my 100 or so friends, and Facebook wouldn’t let me do it, limiting me to 20.

  2. Jammo Says:


    I just cleaned the Koobface virus off of my father in law’s computer which has symptoms like the ones you described (i.e. spamming your whole friends list with messages of a hacker’s choosing).

    You may want to get your computer looked at by a professional to get cleaned up. Took me 5-6 hours of scanning and cleaning with various tools in safe mode to get the box to come up clean.

    Hope this helps.