Compromised online accounts for sale
Posted on 19 July 2012.
The recently unearthed website of a service specializing in selling access to compromised email and social networking accounts of Russian and Ukrainian users offers a fascinating glimpse into just how much one such account is worth to spammers.

According to Webroot's Dancho Danchev, the service offers access to Facebook, Twitter, LiveJournal, Vkontakte and other social networking accounts, as well as to email accounts opened with,, and

Wannabe spammers and social engineers can choose to buy accounts by the service, and should be ready to pay 190 rubles ($5.9) for 100 compromised Vkontakte accounts belonging mostly to Russian users, or 180 rubles ($5.6) for the same number belonging to mostly Ukrainian users.

Facebook accounts are somewhat cheaper - 500 for 200 rubles ($6.2), and the same number of compromised Twitter account can be had for 250 rubles ($7.7).

And compromised email accounts are cheaper still:

If the owners of the site and service are to be believed, most of these accounts were compromised through social engineering and brute-forcing.

"What this service offers is an easy entry into the world of cybercrime for average cyber criminals looking for fresh platforms to further disseminate their social engineering campaigns attempting to trick users into interacting with their fraudulent scheme," Danchev comments.

"Once a compromised accounts gets resold, the new owner will abuse the Ďchain of trustí and attempt to serve malware and launch social engineering attacks such as, for instance, phishing knowing that users are more likely to trust a message or a Wall post from a trusted friend. Thatís their way of achieving a positive ROI (return on investment) on their initial purchase."


Keeping passwords safe from cracking

A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Sun, May 24th