Hackers promise to deliver login and password credentials for any account

Dark Reading Staff, Dark Reading

September 19, 2009

2 Min Read

PandaLabs today announced the discovery of an online service that promises to hack into any Facebook account for $100.

The service's creators claim, "Any Facebook account can be hacked," promising to provide clients with the login and password credentials to access any account on the popular social networking site.

"The service's real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service," says Luis Corrons, technical director of PandaLabs. "In any case, the Web page is very well-designed. It is easy to contract the service and become either the victim of an online fraud, or a cybercriminal and accomplice in identity theft.

"Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen," Corrons explains. "Similarly, those accounts can also be used to send malware, spam, or other threats to the victim's contacts. In the case of celebrities or other well-known entities, they can be used to defame the account holder, spread information in their name, etc."

In addition to extorting money and obtaining access to clients' bank account information, the service also has characteristics in line with hacker affiliate programs, PandaLabs says. Common among cybercriminals, hacker affiliate programs offer other cybercriminals money to spread malware.

It is likely that the cybercriminals behind this operation are members of an Eastern European Internet mafia because payments are conducted online through Western Union wire transfers to a payee in Ukraine, PandaLabs says. "The domain that hosts the service is registered in Moscow, providing further evidence of this theory," the research lab says.

The hackers claim to have been offering this service for four years and that only 1 percent of accounts proved to be hack-proof. In these cases, they offer clients a money-back guarantee. However, the domain is just a few days old, PandaLabs says.

A series of images illustrating the sales flow can be found on the PandaLabs blog.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights