What will Facebook do if the Russian hacker Kirllos’ claim that he has in his possession login credentials for 1.5 million Facebook accounts proves to be true?
The hacker was spotted offering the credentials for sale on an underground forum. An image of the post in question was posted on Twitter by Mikko Hyppönen, CRO at F-Secure.
Kirllos is asking $25 to $45 per 1,000 accounts (that’s $0.025 to $0.045 per account) and, according to VeriSign’s Director of Cyber Intelligence Rick Howard, has already been able to sell almost half of the total number.
If the credentials are legitimate and the accounts exist, that means that 1 in every 300 accounts is compromised and can be used by the buyers to prey on other users by spamming and scamming them, not to mention directing them towards sites serving malware. And people are more likely to fall for such tricks, since they tend to trust other users in their (online) social circle.
InfoWorld reports that Facebook has yet to comment on the whole situation, but I can bet everything I have on the fact that they are investigating the claim thoroughly.