Below is a rather bland FarmVille phish that was brought to my attention by a friend who had it posted to their Facebook account. The entire page is blank save for the fake login:
Nothing spectacular, I’m sure you’ll agree. However, we did a little digging around on the same URL and came across a large collection of what the site claims are stolen Facebook logins dating from July right up to today:
While we can’t confirm these logins were obtained via the FarmVille phish (that seems a little too crude to be grabbing this many username / password combinations), there’s a good chance that many of the users on the list use the same passwords for their email accounts as their Facebook login. We have everything from Yahoo and GMail to Hotmail and AIM on there – not great in terms of the amount of personal data that might be accessible.
As far as numbers go (and accounting for the fact that there are some duplicates / clearly fake entries on there) this is what you get when you paste the accounts line for line into Word:
2,859 lines of text sitting in the table of data, each with a login ready and waiting to be plundered. The site appeared to be rather popular before we notified Facebook to have it taken down:
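Pasting the dump into Word gives a raw line count, but the duplicates and obviously fake entries mentioned above still have to be weeded out before anyone (Facebook, the email providers) can be told how many real accounts are affected. The script below is an added example of that triage step, not something from the original post or the site it describes: it takes a constructed sample in an assumed “email:password” one-per-line layout (the real dump was only seen as a screenshot, so the format is a guess), drops exact duplicates and malformed lines, tallies the remaining entries by email provider, and never writes the passwords back out.

```python
import re
from collections import Counter

# Constructed sample standing in for the dump. The "email:password" layout
# is an assumption; the page only shows the data as a screenshot.
SAMPLE_DUMP = """\
alice@yahoo.com:Sunflower12
bob@gmail.com:hunter2
alice@yahoo.com:Sunflower12
carol@hotmail.com:qwerty
dave@aim.com:farmville
not-an-email:whatever
eve@gmail.com:
bob@gmail.com:hunter2
"""

# Deliberately simple address check: one '@', a dot in the domain part,
# no whitespace or colons. Good enough to reject junk filler lines.
EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")


def parse_dump(text):
    """Split a dump into usable (email, password) pairs and rejected lines.

    Exact duplicate pairs are kept once, in first-seen order. Lines with no
    separator, an empty password, or an address that fails EMAIL_RE are
    returned separately so they can be inspected rather than silently lost.
    """
    seen = set()
    valid, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        email, sep, password = line.partition(":")
        email = email.strip().lower()
        password = password.strip()
        if not sep or not password or not EMAIL_RE.match(email):
            rejected.append(line)
            continue
        key = (email, password)
        if key in seen:
            continue
        seen.add(key)
        valid.append(key)
    return valid, rejected


def domain_breakdown(entries):
    """Count entries per email provider (the part after the last '@')."""
    return Counter(email.rsplit("@", 1)[1] for email, _ in entries)


def summarise(text):
    """Numbers a responder actually needs before notifying anyone.

    Passwords are intentionally absent from the summary.
    """
    raw_lines = [l for l in text.splitlines() if l.strip()]
    valid, rejected = parse_dump(text)
    return {
        "raw_lines": len(raw_lines),
        "unique_credentials": len(valid),
        "duplicates_dropped": len(raw_lines) - len(valid) - len(rejected),
        "rejected_lines": len(rejected),
        "by_domain": dict(domain_breakdown(valid)),
        # Addresses only: enough to route notifications, nothing to plunder.
        "affected_addresses": sorted({email for email, _ in valid}),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

The domain tally is the part worth keeping: it tells you straight away which providers (Yahoo, Gmail, Hotmail, AIM and so on) need a heads-up about likely password reuse, while the raw line count on its own overstates the damage by however many duplicates and filler lines the dump contains.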
If you compare the above stats to those in the first screenshot, the pageviews have gone up by just under 300 since yesterday.
It’s entirely possible there are more of these account dumps out there, seeing as this one was numbered – worse, we’ve since found another dump which has some (but not all) of the same data posted to it along with logins not present in the first batch. The second site is registered to a Chinese email address, and doesn’t seem to be related to the “Facebook” logins so there may be numerous individuals having some fun here.
As always, be careful what you’re clicking on.
Christopher Boyd