2800 reasons to be careful when playing Farmville

The scam has been running since July and continued this week, when its results were reportedly published on the internet.

Reporting on what appears to be a significant scam on Facebook, Chris Boyd, a senior threat researcher with Sunbelt Software, says that the harvesting was successful because the scam presents users with what appears to be a login page on a rogue URL.

Boyd – aka PaperGhost on Twitter – says that, whilst he and his team can't confirm the logins posted in the clear on the internet were obtained via the FarmVille phish, there's a good chance that many of the users on the list use the same passwords for their email accounts as their Facebook login.

"We have everything from Yahoo and GMail to Hotmail and AIM on there – not great in terms of the amount of personal data that might be accessible", he said, adding that, since there are more than 2800 lines of data, that means about the same number of potential IDs and passwords that will work on Facebook.

What is interesting, Boyd pointed out yesterday, is that the list appears to be live, as another 300 lines of credentials were added in the prior 24-hour period.

"It's entirely possible there are more of these account dumps out there, seeing as this one was numbered - worse, we've since found another dump which has some (but not all) of the same data posted to it along with logins not present in the first batch", he said.

According to Boyd, the second site is registered to a Chinese email address, and doesn't seem to be related to the Facebook logins, so there may be numerous individuals generating these lists online.
