New Zealand Hacker Is Selling 1.5 Million Facebook Usernames and Passwords

A Verisign internet security group entitled iDefense has found that a hacker is attempting to sell one and a half million social networking usernames and passwords, and the more friends an account has, the more expensive the account. This is an unprecedented type of sale and could be the result of all the phishing scams that have been recently occurring. The hacker claims to live in New Zealand, although other rumors put him in Russia, and he apparently already sold 700,000.

The hacker’s name is Kirllos and has a pricing scheme for the accounts. When an account has less than 10 friends, the price is $25 for 1000 accounts (or 2.5 cents per user). When an account has over 10 contacts, he’s asking for $45 for 1000 accounts (or 4.5 cents per user). The director of intelligence at iDefense, Rik Howard, had this to say: “There are two things that make this discovery interesting: the volume of social network account credentials discovered, and the fact that we are seeing an eastern European hacker dip into western social networks. In the past, most hackers have been content to stay with their own local social networking services.”

The likely goal, says iDefense, is to use the data to set up fraudulent accounts and identities which can be used to create bank accounts, make money transfers and also steal other people’s identities and use that to their advantage. The fact that employees use their Facebook at work also means that there is the potential for illegitimate users to access some of that corporate information, although the technology behind that isn’t yet clear. We’ll see how this progresses, and whether this is the real deal, but if so, and at prices like that, we can expect more Facebook hackers to appear in the coming years.