You might want to change your Facebook password...

6 replies
This article is a few weeks old, but I just came across it. According to the article, a hacker was discovered offering Facebook credentials for sale in an underground hacker forum. That in itself isn't so unusual, but the volume of accounts he has is . . . 1.5 million user accounts for sale from $25 to $45 per thousand.

I thought any Facebook users that weren't aware of this would like to know. I'm not on Facebook, but if I were, I'd be changing my login credentials ASAP. Here's the article...

1.5M stolen Facebook IDs up for sale - Computerworld
  • Samuel Baker
    Pity they are not niche-targeted Facebook accounts, ha.
  • Big Fly
    This doesn't surprise me.. I used to sell Network Security products & during one of the RSA conferences, they had a speaker from the CIA tell us of all the online hacker communities where you can login & literally purchase real bank account & credit card details & we're not talking about just a few.. but millions of them! So hacked Facebook accounts does not surprise me..

    And changing passwords whilst recommended won't stop a hacker if they want to hack your account.. keyloggers are still the most proliferant & hardest to detect methods of stealing passwords being used today..

    Sorry if I've made you all paranoid!

    -- Dan
    • CDarklock
      Originally Posted by Big Fly

      you can login & literally purchase real bank account & credit card details
      Hang around here late at night, and you'll generally see two or three people try and spam this forum with those offers, too.

      There's a catch to a lot of those, though. While the hackers are indeed offering real account details, you still need to be sufficiently savvy in bank fraud to use them.

      Bear in mind that the information I'm about to tell you is from the BANK side of the equation. I'm not one of the people who buys or sells these lists. I'm one of the people who has worked with the banks to reduce the damage these people do.

      It may seem scary to think that they're selling bank account and credit card numbers by the thousands, BUT: you still have to "clean" the list, just like you might with an email list.

      That means identifying and removing accounts that have closed, cards that have expired, "honeypot" numbers known to be there for the purpose of trapping fraud, accounts currently flagged for investigation, cards currently locked down for fraud, accounts overdrawn or in collections, etc. The 80/20 rule is generally in effect, so if you buy a thousand accounts, you end up with about 200 that could realistically be used.

      That's still pretty scary, but also recognise that these accounts are usually "good" for between 24 and 72 hours before they get locked down. See, banks aren't stupid, but people who buy bank accounts frequently ARE... so the banks have got their "honeypots" strategically located. If a honeypot gets hit by a fraud attempt, not only is it denied, but they can identify another hundred or so accounts which have probably been compromised and put them on fraud alert.

      So every time some jerk doesn't know what he's doing, he may not get caught, but some of the useful accounts get locked down. Within one to three days, enough of them have been compromised that you essentially can't trust anything on the list anymore, and you have to go buy a new list.

      There's a reason people sell these lists instead of just pillaging the accounts: it's a lot harder to trace, and you're a lot more likely to get the money.
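An added example, not part of CDarklock's post: a sketch of the honeypot behaviour described above, where a hit on a trap number is denied and related accounts go on fraud alert. How a bank links a honeypot to real accounts is not stated in the thread; the shared "exposure point" used here, and all account names and amounts, are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. "Exposure point" (where a card was used or stored)
# is an assumed linkage; the post does not say how banks correlate accounts.
EXPOSURE = {
    "acct-1001": {"merchant-A"},
    "acct-1002": {"merchant-A", "merchant-B"},
    "acct-1003": {"merchant-B"},
    "acct-1004": {"merchant-C"},
}
# Honeypot numbers: never issued to a customer, planted at one exposure point.
HONEYPOTS = {"trap-9001": "merchant-A", "trap-9002": "merchant-C"}

# Constructed authorization attempts: (hour, account, amount)
ATTEMPTS = [
    (1, "acct-1003", 40.00),
    (2, "trap-9001", 5.00),
    (3, "acct-1002", 900.00),
    (4, "acct-1004", 25.00),
    (5, "acct-1001", 310.00),
]

def screen(attempts, exposure, honeypots):
    """Return (decisions, alerted). A honeypot hit is denied and every real
    account sharing its exposure point goes on fraud alert from then on."""
    by_point = defaultdict(set)
    for acct, points in exposure.items():
        for p in points:
            by_point[p].add(acct)
    alerted, decisions = set(), []
    for hour, acct, amount in sorted(attempts):
        if acct in honeypots:
            alerted |= by_point[honeypots[acct]]
            decisions.append((hour, acct, "deny"))
        elif acct in alerted:
            decisions.append((hour, acct, "hold"))  # needs manual review
        elif acct not in exposure:
            decisions.append((hour, acct, "deny"))  # unknown number
        else:
            decisions.append((hour, acct, "approve"))
    return decisions, alerted

if __name__ == "__main__":
    decisions, alerted = screen(ATTEMPTS, EXPOSURE, HONEYPOTS)
    for d in decisions:
        print(*d)
    print("on fraud alert:", sorted(alerted))
```

Accounts that were never exposed at the same point as the tripped honeypot keep working, which is why one careless attempt degrades only part of a list at a time.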
      • TimG
        Originally Posted by CDarklock

        Hang around here late at night, and you'll generally see two or three people try and spam this forum with those offers, too.

        There's a catch to a lot of those, though. While the hackers are indeed offering real account details, you still need to be sufficiently savvy in bank fraud to use them.

        Bear in mind that the information I'm about to tell you is from the BANK side of the equation. I'm not one of the people who buys or sells these lists. I'm one of the people who has worked with the banks to reduce the damage these people do.

        It may seem scary to think that they're selling bank account and credit card numbers by the thousands, BUT: you still have to "clean" the list, just like you might with an email list.

        That means identifying and removing accounts that have closed, cards that have expired, "honeypot" numbers known to be there for the purpose of trapping fraud, accounts currently flagged for investigation, cards currently locked down for fraud, accounts overdrawn or in collections, etc. The 80/20 rule is generally in effect, so if you buy a thousand accounts, you end up with about 200 that could realistically be used.

        That's still pretty scary, but also recognise that these accounts are usually "good" for between 24 and 72 hours before they get locked down. See, banks aren't stupid, but people who buy bank accounts frequently ARE... so the banks have got their "honeypots" strategically located. If a honeypot gets hit by a fraud attempt, not only is it denied, but they can identify another hundred or so accounts which have probably been compromised and put them on fraud alert.

        So every time some jerk doesn't know what he's doing, he may not get caught, but some of the useful accounts get locked down. Within one to three days, enough of them have been compromised that you essentially can't trust anything on the list anymore, and you have to go buy a new list.

        There's a reason people sell these lists instead of just pillaging the accounts: it's a lot harder to trace, and you're a lot more likely to get the money.
        Really appreciate that post because it does help to hear that there are protective measures in place to try and prevent the scumbags from screwing hard working people over.

        My mother-in-law was a victim of identity theft and it was a real pain to eventually get fixed.

        My wife's credit card number along with our bank account info was compromised last December and that really sucked. It was easy to fix but still a real bummer because nobody likes getting scammed.

        Tim
  • Big Fly
    I was thinking my last post wasn't that helpful especially if you are thinking, well how do I protect myself from these sort of hackers?!

    Obviously a good anti-virus/personal firewall is essential on your PC, but a lot of them aren't equipped to prevent the real nasty types of malicious codes especially keyloggers.

    I sold network security products for 5 years, & the best thing I could advise is getting a hardware based firewall from a company that makes firewalls (versus a modem company that put a firewall on their modem). It's not foolproof still but it will stop a lot more nasties than most host based AV/firewall tools. Hardware firewalls that are affordable can be bought from companies such as Fortinet, Juniper, Cisco, Sonicwall etc. Or jump on eBay & you can find many of these cheap as well!
  • Dennis Gaskill
    @ Caliban

    Thanks for posting that information. I didn't know about "honeypot" numbers. It's good to know the banks are proactive to some degree.