Related Links

Related Stories

Top 5 Stories


Facebook identifies hacker selling 1.5 million accounts

17 May 2010

Reports are coming in that Facebook has identified the self-proclaimed hacker who was offering to sell batches of 1000 Facebook accounts - up to 1.5 million in total - and it appears that the Russian hacker was wildly overstating the account numbers.

Weekend newswire reports say that the hacker, who is known as Kirllos, had succeeded in hacking into a number of Facebook accounts, which he planned to sell via online hacker forums.

However Facebook has told reporters that the Russian hacker was significantly overstating his account haul.

Robert McMillan of the IDG newswire quoted a Facebook spokersperson as saying: "We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor."

McMillan says that Kirllos had been selling batches of 1000 accounts at between $25 and $45 a batch.

VeriSign's IDefense operation, meanwhile, says it it was able to trace the Russian hacker's internet connection, after he boasted he had as many as 700 000 accounts. Unconfirmed reports, however, suggest that Kirllos only had access a few thousand Facebook accounts and those accounts were attained where password security was poor or he had obtained the credentials using phishing and trojan attack methods.

Facebook has said it has handed over the results of its investigation to US law enforcement agencies, although newswire reports suggest that an extradition from Russia - where the hacker lives - is unlikely.

Facebook's apparent openness with the media comes in the wake of a wave of security problems with the social networking services this month, Infosecurity notes.

Unconfirmed reports had suggested that Facebook held a company-wide series of meetings last week to decide how to tackle the privacy issue, although the social networking service has been playing down media reports of its meetings.

According to Ed Rowley, product manager with M86 Security, Facebook is easy to use and this is the main reason why it is so popular.

"It is encouraging to see that they are trying to protect users by adding new security measures, as cybercriminals are so well-organised and well-funded that it is unlikely the platform will remain watertight for long", he said.

Unfortunately, adding granular security settings to anything involving individual user accounts, including Facebook, can be quite complex. It is likely that many of these security measures will remain options that Facebook users will simply ignore", he added.

This article is featured in:
Compliance and Policy  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×