Facebook Hacker Absconds With Thousands Of User Profiles


Investigators said that the alleged cyber thief, known as Kirllos, had succeeded in hacking into numerous Facebook accounts, which he planned to sell on online hacker forums, according to IDG New Service.

Facebook has identified the suspect, who apparently hails from Russia, but the social networking giant is thus far not naming names.

"We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," a Facebook spokesman told IDG News Service.

Kirllos essentially sold batches of 1,000 accounts at bargain basement prices -- somewhere between $25 and $45 per transaction, depending on the quality of the accounts and how many connections the user had.

Sponsored post

There was some dispute about the number of accounts Kirllos was actually selling. Researchers at VeriSign iDefense group first caught on to Kirllos' antics after he claimed to have an unusually large number of profiles for sale, which at first appeared to be close to700,000 accounts, according to VeriSign.

Facebook investigators were later able to determine what Kirrlos had done by analyzing a sample of hacked accounts Kirllos had made public to authenticate his claims.

However, while Kirllos' does appear to have hacked into Facebook accounts, the Russian cyber criminal apparently greatly exaggerated the number and likely only absconded with a few thousand user profiles likely obtained via phishing attacks, Trojans and similar tactics, the Facebook spokesperson said to IDG News Service.

Not surprisingly, Krillos has disappeared from hacker forums after his ploy was publicly revealed.

Facebook has since notified the victims whose accounts were compromised and reset their passwords.

Facebook also handed over information obtained on the Russian hacker to law enforcement, although it probably won't to lead to an arrest. Given that law enforcement would have to jump through a lot of red tape to first find and then extradite a two-bit hacker from Russia, a prosecution seems highly unlikely.