Sep 16, 2010 05:15 GMT

While investigating a basic phishing attack, security researchers from GFI Sunbelt have discovered a public cache containing almost 3,000 stolen Facebook credentials.

Sunbelt researcher Christopher Boyd was looking into a rudimentary FarmVille phish, consisting of a plain HTML page containing nothing but a username/password form and the text "Log in to use your Facebook account with FarmVille."

It's hard to believe that someone could actually fall for that trick, but a separate page on the same domain displays a list of what appear to be Facebook logins dating from July to present.

"Welcome to our website, here you can view thousands facebook passwords. Please check the end of table, every minute there is a new hacked facebook accounts at the end of table," the page reads.

And indeed, there are 2,859 rows in the table. Some of them might represent duplicate or bogus information, but the majority of credentials are probably valid.

"[...] We can’t confirm these logins were obtained via the FarmVille phish (that seems a little too crude to be grabbing this many username / password combinations)," Mr. Boyd said.

"We have everything from Yahoo and GMail to Hotmail and AIM on there – not great in terms of the amount of personal data that might be accessible," he added.

The main problem here stems from the fact that most people continue to reuse their passwords and that most services require an email address as login.

In conclusion, it's very likely that many of these username and password combinations can also be used to access more sensitive accounts belonging to the victims.

In the past we reported about Turkish hackers using similar login data stolen from a Pizza Hut website to access the PayPal accounts of several Israelis and subsequently their credit card details.

The cache discovered by Sunbelt is semi-public, as the page view count has grown by 300 in a single day. Unfortunately, even if it is taken down, the information is already out there.

In fact, since making his initial discovery, Mr. Boyd found another dump containing some of the same data and more.