1.5M Facebook accounts up for sale

Computerworld reports that 1.5 million facebook accounts are up for sale by a hacker going by the moniker Kirllos. To be clear, that's .3% of the estimated 400 million total registered Facebook accounts. VeriSign's iDefense group found the hacker selling the accounts in an underground black market forum, but it was the sheer number of accounts that set off alarms. 

The legitimacy of the accounts haven't been confirmed, but Kirllos seems to have sold 700,000 accounts already. While it isn't anything special to sell social-networking credentials online, targeting big sites like Facebook and MySpace is only a recent trend. Randy Abrams, director of technical education at security company Eset, believes that the viral capabilities of modern malware are well-suited to big sites like facebook, where "people will follow it because they believe it was a friend that told them to go to this link." Once the password-stealing malware goes viral, big sites like Facebook are prime breeding grounds for credential lifting. 

Kirllos is selling the accounts at a very deep discount compared to similar transactions. In Symantec's Internet Security Threat Report, email credentials sell at prices between $1 and $20, low quality bank information can go for $15 (high quality can go for $850), and Kirllos wants $0.025 per account. That's one reason why he's selling such a high volume. However, that doesn't mean it's a scam. With such a large volume of accounts, Kirllos can afford to undercut the competition and still come out rich.