A Russian hacker is believed to have stolen 1.5 million Facebook logins, meaning one out of every 300 accounts.  The hacker, who calls himself “kirllos” and currently lives in New Zealand, says he can sell you 1,000 Facebook logins for $25 or an account for as little as 25 cents each.  Pricing depends on how many friends the account holder has.  About 700,000 accounts have been sold so far on an underground website but it is unknown if they are legitimate accounts for real Facebook users.

According to Facebook’s Simon Axten, Facebook is investigating the specific accounts kirllos has put up for sale and will block access to those that have been hacked until they can be restored to their original users.  In one previous Facebook scam, criminals sent out messages from a compromised account telling friends that they were trapped in a foreign country and needed money.  Hackers also send out links to malicous software to friends of the account holder.

Someone can obtain a Facebook account for very cheap.  There are 400 million users worldwide and many fall victim to scams each day.  Only add friends that you know, make sure your privacy settings protect your personal information, and don’t click on suspicious links.

Changing your passwords regularly is important, right?  Frequent password changes are intended to increase computer security, but users hate having to do it.  The most commonly used passwords are password, 12345, qwerty, and abc123.  Surprisingly, a recent study done by a Microsoft researcher states that changing your password is not necessary for password security.  He claims user education is not working and scheduled password updates offer little benefit in exchange for the effort and time they require.

In the report, Cormac Herley says “Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.” The full report can be found here.

Some websites even prompt users to change their password often.  Passwords can be stolen through phishing or keylogging and once a password is stolen, the strength of it is irrelevant.  If a hacker obtains a password they will most likely use it immediately and not hold onto it for weeks or months.  Use different, complex passwords for each of your accounts and consider using a password manager that can generate them for you.  Some users even write their new password on sticky notes and put them on their computer, which is not a good idea.  Have a password that is easy for you to remember but not easy to guess.  The strongest passwords contain both letters and numbers and have some upper and lower case letters.  Many websites even show password strength meters, which give users an idea of the quality of their password.  The study also calculates that a task like changing a password and requiring one minute per day from every working adult in the U.S. costs about $15.9 billion per year.

Online users are still opening spam email intentionally, despite awareness of the consequences.  The Ipsos Messaging Anti-Abuse Working Group (MAAWG) conducted a 2010 survey in the US, Canada, and Western Europe and found some shocking results.  They found that almost half of all North American and Western European users admitted to having opened spam intentionally to either unsubscribe, out of curiosity, to complain to the sender, or out of actual interest in the products or services offered.  About 18% wanted to “see what would happen” if they opened spam, while 4% are actually replying to spam.

Out of all six countries that were surveyed, 84% were aware of computer bots.  One-third say they consider it likely they will be infected but one in five are unsure how they would recognize a bot infection on their computer.  The continuous actions done by email users that receive spam are leading to the increase in botnets.  Less than half of email users think that stopping viruses is their own responsibility.  Nine in ten said their antivirus software was updated regularly, with 46% saying it is done automatically.  A good 43% report they would turn to their antivirus software company to get their computer repaired.  About 44% consider themselves “somewhat experienced” when it relates to internet security, while 20% considered themselves “very experienced.”   Many users do not even flag or report spam.

Who should be responsible for stopping the spread of viruses, fraudulent email, spyware, and spam?  About 65% feel it’s the ISPs and ESPs responsibility, 54%  feel antivirus companies are responsible, and 48% hold themselves responsible.  A great deal of importance is placed on emails containing receipts or shipping details for purchases (70%).  Those under the age of 35 are more likely to think billing notifications and marketing materials are important, while those aged 55 and older feel newsletters are important.  The survey also found that Canadian users are most likely to avoid posting their email address online, whereas more internet users in the US, Canada, and Germany are likely to set up another email address to avoid receiving spam.  How often do you click on a spam message?