According to Verisign’s iDefense, Kirllos, a hacker from Russia is selling Facebook login information for either $25 or $45 per 1,000 acounts (less if the accounts have less than 10 friends). So far he phished around 1.5 million users for their logins and is selling them on the antichat.ru forums.This might not sound as serious news, but when you really think about it, whoever buys those e-mail addresses and passwords can do some serious damage with them. First, they can use your account to infect other people’s computers by posting links to malware infected websites. They can also use it try to trick your Facebook friends out of money by pretending to be you and asking them to wire you some emergency cash (as unlikely as this sounds, there were people that lost thousands of dollars this way already). It can also be used to embarrass, harass, or blackmail you by posting humiliating or hateful content on other people’s profiles, or stealing private photos.
Plus with the Facebook Connect feature now becoming the single sign-on engine for the web (when you sign onto Facebook you can also instantly login to other website under your Facebook identity), hackers can use that to exploit you.
And the last, and scariest part is that once a hacker or crook has your e-mail address and favorite password, he can gain access to almost everything you do online, from your bank accounts, to websites that have your shopping information already saved (such as PayPal or gain access to your credit card information).
In the case that you might have gotten your password information stolen, or worse still, sold, you should go and change your password to something a bit tricky to remember or figure out. Also try to include numbers and vary between capitals in your password. And the last tip is to try and change your password every couple of months just to be safe.