40% of All Facebook Accounts Have Been Compromised and Are for Sale Online

VeriSign was shocked to discover a Russian by the handle, Kirlios, offering Facebook accounts for as little as ¹/₄¢ in an underground hackers' forum. But they were simply blown-away by the sheer number of accounts Kirlios claims to have: 1.5 million, or about 40% of all Facebook users' accounts!

Social network accounts, such as these, usually go for substantially more - anywhere from $1-20 each - and VeriSign has no way of knowing for certain that Kirlios actually has access to this many accounts, however my personal Facebook account was hacked, for the first time ever, on the 14^th of this month. I reported the violation, then changed the password, only to have it hacked again last night!

Both times this occurred, I was logged-in but not actually on the site, so I have taken to specifically logging-out of my Facebook account whenever I exit the browser window. I also ran AV, anti-spyware, and anti-malware protection following both "attacks," but none of the programs I have found anything on my computer (knock wood, and thank God), and though my AIM Lifestream is set to receive notifications from Twitter, Facebook, and MySpace, neither of the other accounts have been compromised (again, knock wood, et.al.).

I did, however, suspect AIM at first, and still wonder about it. Still, this appears to be a Facebook-specific issue and may be related to this story.

Kirlios was/is asking $25 for accounts with fewer than 10 friends, and $45 for those with 10 or more. If he does have 1.5 million accounts, give or take, that equals about one Facebook user out of every 300.

The best thing to do is to change passwords at least once a month, more if your account has been tampered with. Aside from that, be sure to set your privacy controls so that they do not show your friends, your personal information, nor your contact information.

My account sent out two messages, asking my friends to click on them so that they could buy products, such as trampolines. I have included one screencap, from the first attack. I do not know what happened when the links were clicked, and promptly reported, then removed, them. These links sometimes install malware on unsuspecting friends' PCs.

I also posted several status changes, informing friends that my account had been violated, and one friend responded that she also dealt with this issue about six months ago. In her case, she added that she once logged-in to find she was under a teenager's account, then another user somehow logged-in under her account and even changed her status before realizing she was on the wrong username.

I will post some great security links sometime this weekend. Together, these programs create a formidable security force for free!

© C Harris Lynn, 2010