Cybercrooks Sell Stolen Facebook, Twitter Log-ins

Security company Trusteer has discovered a "factory outlet" selling user log-ins for Facebook and Twitter harvested as a sideline during attempts to steal online bank credentials.

The most valuable stolen log-ins are always for online banking sites, but increasingly bank Trojans such as Zeus appear to be recording log-ins for other sites in case they turn out to be valuable.

Trusteer noticed two cybercrime operations selling these lower-value log-ins in bulk using underworld advertisements. One of these even adopted U.S. sales parlance, describing what it had to offer as being a "Credential Factory Outlet Sale" that could supply 80GB of stolen data. (See also "Cyber Crime in 2025: New Threats Mingle with Old Risks.").

As well as Facebook and Twitter (useful for creating spamming accounts), the criminals offered account log-ins for a web hosting admin system cPanel, useful for anyone wanting to hijack a website to host malware.

It seems that criminals now want to harvest every log-in they find on a victim's computer on the basis that it will have some value to somebody at some point.

"This latest development provides a window into the vast cybercrime aftermarket that has risen up on the internet and been made possible by sophisticated malware," said Trusteer CTO Amit Klein.

"Whether it's bulk drive-by download infections, bulk log-in credentials, prebuilt web-injects, etc., criminals today have an unprecedented arsenal of tools at their disposal to attack banks and enterprises."

Trusteer said it had contacted the companies affected by the log-in-stealing, receiving a response from Facebook that it now employed security to "validate" log-ins backed up by on-demand malware scans.

But Facebook log-ins are being stolen with ease. Only weeks ago, an Israeli hacker released 100,000 belonging to Arab users as part of a tit-for-tat digital war between the country and in neighbors.