According to InformationWeek, the iDefense division of Verisign told The New York Times that cybercriminals are selling huge lots of stolen and fake Facebook accounts enticed by the openness and amount of user information in their accounts.

Facebook's endlessly-expanding user base progressively seems more attractive to hackers with over 400 million accounts and a foreseeing of $1 billion in profits this year. In spite of everything, users must include a real name and often share information that defines one's identity such as location and date of birth.

iDefense has tracked hacker Kirllos' attempts to sell log-in information for 1.5 million Facebook accounts across several illegal criminal trading sites which are not well known. Based on the estimation of iDefense, up till now, Kirllos has already sold 700,000 Facebook accounts' log-in data.

Kirllos supplied collections of 1,000 accounts with less than 10 friends for $25. The director of cyber intelligence at iDefense, Rick Howe, said that the hacker sold a similar collection of users with more than 10 friends for $45.

Users are usually conned to attach malware to log keystrokes or tricked into revealing their passwords by hackers. These cybercriminals usually use phishing techniques to con users and use the information to distribute malicious applications, launch denial of service attacks, run identity fraud, access financial accounts, or send out spam.

Security experts advised users to create strong passwords and avoid from clicking on unknown or suspected links to protect against phishing.