1.5 Million Facebook Profiles Hacked And Up For Sale

VeriSign iDefense has discovered a hacker offering 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 per 1,000 profiles with under 10 contacts, and $45 per 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.

Comments

  1. Carol Chandler says:

    This is really scary, Triona. Thanks for the warnings – I need to adjust my privacy settings yet again, I see.

  2. triona says:

    Hi Carol, always glad to help. I think it’s a good idea to revisit your Facebook privacy settings on a regular basis. Facebook has been under intense scrutiny for its privacy or lack thereof, and they have been changing the options frequently. Sometimes when they do that they reset your settings or the new options open up things that were previously closed.

  3. Deb says:

    Thanks for the distressing news. I have considered closing the Facebook page that I currently have, because I really HATE FB! Is there any way to tell if my (seldom visited) page is one of the hacked ones? Or do I just send a message to all my “friends” telling them that I am closing the account? I use that term loosely, because I only communicate with two of my contacts on there, and that is through other email addresses…

  4. triona says:

    Deb, your best bet is to simply tell people you are closing the account. Facebook has made it notoriously difficult to actually delete an account once it is established, but if you visit their help page they have some instructions on how to do so. Bear in mind that even after the account is deleted, Facebook states that some of your data may remain on their servers, which doesn’t exactly instill confidence in their security!
