A couple of days ago, major news outlets like the BBC and ABC News Australia reported that a Russian computer hacker is offering for sale stolen passwords and login details of 1.5 million Facebook users. The asking price is for $25 to $45 for batches of 1,000.
At the time, Facebook said it was investigating the matter so that it could "block access to any that might be compromised and restore them to their rightful owners."
Well, a story in today's New York Times provides a bit more information on the situation. The Times reports that researchers at VeriSign’s iDefense division have been the ones tracking the sale of both legitimate and bogus stolen Facebook account information and I guess feeding that information to the press. iDefense claims that the reason for the price differential is that the $25 price is for a batch of Facebook accounts each with 10 or less friends, while $45 buys a batch of accounts each having more than 10 friends.
However, Facebook is now disputing iDefense's claims of legitimate Facebook account information being offered for sale, the Times reports. Facebook says that it has tried to purchase supposedly stolen account information as part of its investigation and has come up empty. It believes that the whole thing is basically bogus and nothing more than a scam.
iDefense said that it did not try to purchase any of the supposedly stolen Facebook information because it is against its corporate policy, the Times says. However, iDefense apparently has not responded directly to Facebook's charge that it is passing along hearsay rather than verified facts - there is nothing about the dispute on iDefense's website at least at the time of this posting.
So, are there 1.5 million stolen but legitimate Facebook accounts really up for sale on the Internet?