Hackers successfully stole passwords from some of Facebook's 200 million users.

Hackers successfully stole passwords from some of Facebook's 200 million users.
By Jim Finkle, Reuters, 15 May 2009 at 08:11

Facebook has been hit by another hacking attack, as a phishing campaign was used to steal passwords from users of the social networking site.

Facebook spokesman Barry Schnitt said that the site was in the process of cleaning up damage from the attack, and that that Facebook was blocking compromised accounts.

Schnitt declined to say how many accounts had been compromised.

The hackers got passwords through what is known as a phishing attack, breaking into accounts of some Facebook members, then sending e-mails to friends and urging them to click on links to fake websites.

Those sites were designed to look like the Facebook home page. The victims were directed to log back in to the site, but actually logged into the one controlled by the hackers, unwittingly giving away their passwords.

The fake domains include www.151.im, www.121.im and www.123.im. Facebook has deleted all references to those domains.

Schnitt said that Facebook's security team believes the hackers intended to collect a large number of credentials, then use those accounts at a later time to send spam hawking fake pharmaceuticals and other goods to Facebook members.

The site fought off a similar attack two weeks ago, he said.

Hackers used a phishing attack last year to spread a malicious virus known as Koobface, a reference to Facebook. It was downloaded onto Facebook members' PCs when they clicked on a link sent to them in an email that looked like it had been sent by a friend on Facebook.

originally posted in
http://www.itpro.co.uk/610861/massive-phishing-attack-hits-facebook?DCMP=KNC-1026&HBX_PK=face+book+password&HBX_OU=50&gclid=CK7Ts9zx1poCFYQH3wodJyBO1g