Stolen Facebook and Twitter log-ins on sale for $30 each

By Andrew Charlesworth
08 Feb 2012 View Comments
Security threats - password theft

Cyber criminals are selling bulk log-in credentials for social sites, such as Facebook and Twitter, and web server management software cPanel, according to security researchers.

"These details are not on sale so people can cause mischief but for real financial gain," Oren Kedem, product marketing director at Trusteer, told Computing.

Further reading

The criminals boast a haul of 80GB of credentials that they are advertising at wholesale prices, or at $30 a log-in when divided into network- and country-specific batches with corresponding personal email addresses.

A blog by Trusteer's chief technical officer Amit Klein reports two botnet operators advertising a "factory outlet" of social network login credentials, and another offering to sell logins and URLs that would allow a fraudster to take control of certain websites. Specifically, the advertiser is offering cPanel credentials.

Control of the website admin software would enable a fraudster to inject malware into the site that could later harvest financial details, said Kedem.

Social network log-ins could be used in social engineering attacks to lure friends of the hacked to fraudulent sites where they would be duped into downloading malware that could, again, perpetrate financial theft, he added.

Facebook officials told Trusteer that the social network actively detects known malware on users' devices and validates every login to the site to check for malicious activity.

Meanwhile security firm GFI published its latest monthly cyber attack report, showing an increasingly sophisticated landscape of social-engineering-based scams.

Gamers looking for a pirated release of Pro Evolution Soccer 2012 were targeted with rootkit malware, while Halo lovers were tempted to sign up for a bogus beta programme.

Tumblr users were baited with free Southwest Airlines tickets in exchange for filling in a pointless survey, and small business owners were attacked with fraudulent customer complaint notices from the Better Business Bureau which led to malware sites.

Reader comments
blog comments powered by Disqus
Newsletters
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

36 %
33 %
12 %
19 %