Verisign’s iDefence has uncovered evidence that a hacker by the name of Kirllos is apparently selling a massive number of social networking accounts on an underground forum.
Kirllos claims to have around one and half million social networking usernames and passwords for sale and the higher the number of contacts on the accounts, the higher the asking price.
According to iDefence, for accounts with 10 contacts or less, Kirllos is asking for $25 for 1000 accounts. For those with over 10 contacts the hacker wants $45 for 1000.
“There are two things that make this discovery interesting: the volume of social network account credentials discovered, and the fact that we are seeing an eastern European hacker dip into western social networks,” said Rik Howard, director of intelligence at iDefense
“In the past, most hackers have been content to stay with their own local social networking services.”
We all know that nothing is 100 percent secure on the Internet, or at least we should do by now, but Howard reckons that social networking sites need to buck up on security.
“Security should really be a priority for social networks in all territories. Social networks should work to assess and implement additional security features on their platforms as threats evolve, helping to protect themselves and their users from emerging threats,” he said.
So why would anyone want to bulk buy other people’s Facebook accounts?
According to iDefense, criminals could use the data to set up fraudulent bank accounts, money transfer scams and for stealing identities.
Howard also highlighted how businesses could suffer because many employees are accessing sites like Facebook whilst at work.
“If a user’s account is compromised, any information pertaining to that account could end up on the black market which could mean more spam or malware heading for corporate email accounts if the company’s details are listed by the user,” said Howard.
“Malware ending up on a corporate network as a result of an employee’s social networking activity could mean loss or corruption of data if stringent IT policies are not in place.”
It isn’t clear whether the accounts that Kirllos is selling are legitimate accounts, but authentic or not, he has already sold around 700,000 according to iDefence.
The worrying thing is, we’ve no way of knowing if ours is amongst them.
No comments:
Post a Comment