Compromised Facebook accounts offered for sale by hackers

It is reported that an operation which has compromised thousands of Facebook accounts by stealing their logon credentials has placed the details for sale to malicious hackers who then try to scam ‘friend lists’ on the hacked account. The cost to a malicious hacker of a compromised account depends upon the number of friends in the account. Some reports suggest that just one hacker has a million and a half compromised accounts for sale.

Hacked Facebook accounts are valuable for spreading malware - such accounts can be used in money transfer schemes similar to the well known Nigerian 419 scams and they can also be used for data mining to support other types of fraudulent operations.

Always be very cautious when accepting ‘friend’ invitations from people that you do not know. It’s clear that people still do not treat Facebook messages with the same level of suspicion they would if they received an e-mail or instant message with a suspicious link.

It’s recommended that you secure a Facebook account carefully - Sophos has made some recommendations which are linked below.

W E B L I N K S

Chris Pirillo: http://www.lockergnome.com/forsythe/...unts-for-sale/

e-week: http://www.eweek.com/c/a/Security/15...eports-875346/

IT Pro: http://www.itpro.co.uk/622648/hacker...rking-accounts

Daniweb: http://www.daniweb.com/news/story277999.html#

Techeye: http://www.techeye.net/security/crim...twork-profiles

ZDNet: http://www.zdnetasia.com/1-5m-facebo...e-62062829.htm

Sophos recommendations: http://www.sophos.com/security/best-practice/facebook/