Stolen Facebook Names, Passwords Mostly Old Data

The cyber bandits who nicked 45,000 Facebook user names and passwords with a computer worm Thursday got less than they bargained for.

A "majority" of the credentials stolen by the thieves were "out of date," according to a statement Facebook released to the media Friday. When pressed on the point by blogger Emil Protalinski, a Facebook spokesperson acknowledged that "more than half" of the purloined data contained invalid logins or old or expired passwords.

"Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware," Facebook explains in its statement. "Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts."

Facebook says it is bolstering its antivirus protection and reminds users to "protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook."

According to the Israeli security company Seculert, the Facebook credentials were stolen by the Ramnit worm. "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Seculert says in a company blog.

Ramnit is a two-year-old worm that didn't attract much attention from malware warriors in the past because it primarily uses antiquated techniques to infect executable files in Microsoft Windows. Recently, though, it has been reengineered using borrowed code from an extremely pernicious malware program called Zeus and has become a more powerful threat to all computer users. Seculert estimates that some 800,000 machines worldwide are infected by Ramnit.

In its statement, Facebook "encourage our users to become fans of the Facebook Security Page for additional security information." Visitors to the page, however, will find no information on this latest security threat, and the last posting on the page's "wall" is dated December 26. So if you're really interested in Facebook security information, you might want to look elsewhere to find it.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

Subscribe to the Security Watch Newsletter

Comments