For sale: 1.5 million social network accounts


The demand for compromised social network accounts is now so big on the cybercrime black market that, according to the latest research, just one such underground site has 1.5 million of them for sale.

The international reach of social networks has meant that these sites have become the de facto target for cyber criminals today. As I mentioned previously, they have become popular homes to malware mules. Now iDefense, the cyber security intelligence arm of VeriSign, has uncovered one user called 'kirllos' at a particularly popular crime marketplace site that advertises social networking login details who claims to have 1.5 million compromised accounts. The user is selling these in bulk, at a going rate of $25 per 1,000 accounts with 10 contacts or fewer or $45 for over 10 online friends.

Oddly enough, those accounts that have zero contacts are also rather popular, not least as they make for a good vessel to distribute malware through the exploitation of site vulnerabilities to execute scripts which use friend finder tools to request additional contacts.

Rick Howard, director of intelligence at VeriSign iDefense, warns that the "increasing exploitation of the hundreds of millions of social network users globally signifies a key shift in focus for cyber criminals. The trend for harvesting information from social networking sites has been around for some time now, however cyber criminals typically limited their attacks to social media sites within their own geography. For example, Russian cyber criminals have, typically, targeted users of VKontakte (VK) – a social networking site popular in Russia, Belarus and Ukraine. The malicious exploitation of VK users is almost exclusively limited to cyber criminals within these nations. However the increasing exploitation of users of popular international platforms is important as it signifies that criminals are becoming more and more internationalised – these sites provide a convenient platform for criminals to expand their trade around the globe".

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...