A couple of days ago, major news outlets like the BBC and ABC News Australiareported that a Russian computer hacker is offering for sale stolen passwords and login details of 1.5 million Facebook users. The asking price is for $25 to $45 for batches of 1,000.
At the time, Facebook said it was investigating the matter so that it could "block access to any that might be compromised and restore them to their rightful owners."
Well, a story in today's New York Times provides a bit more information on the situation. The Times reports that researchers at VeriSign’s iDefense division have been the ones tracking the sale of both legitimate and bogus stolen Facebook account information and I guess feeding that information to the press. iDefense claims that the reason for the price differential is that the $25 price is for a batch of Facebook accounts each with 10 or less friends, while $45 buys a batch of accounts each having more than 10 friends.
However, Facebook is now disputing iDefense's claims of legitimate Facebook account information being offered for sale, the Times reports. Facebook says that it has tried to purchase supposedly stolen account information as part of its investigation and has come up empty. It believes that the whole thing is basically bogus and nothing more than a scam.
iDefense said that it did not try to purchase any of the supposedly stolen Facebook information because it is against its corporate policy, the Times says. However, iDefense apparently has not responded directly to Facebook's charge that it is passing along hearsay rather than verified facts - there is nothing about the dispute on iDefense's website at least at the time of this posting.
So, are there 1.5 million stolen but legitimate Facebook accounts really up for sale on the Internet?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.