Site Hacking Facebook Accounts for $100 a Pop

Says Only 1% of Sites Unhackable

Get the WebProNews Newsletter:

[ Social Media]

Security company Panda Labs has discovered an online service that promises to hack into Facebook accounts for $100. They claim they will provide "clients" with login and password information to access any account on the social network. Do you feel like your information is secure on Facebook? Comment here.

"The service’s real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service," says PandaLabs Technical Director Luis Corrons. "In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft. Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen."

"Similarly, those accounts can also be used to send malware, spam or other threats to the victim’s contacts," adds Corrons. "In the case of celebrities or other well-known entities, they can be used to defame the account holder, spread information in their name, etc. In any event, this is criminal activity."

Facebook hacking site

Panda Labs says that in addition to extorting money and obtaining access to clients’ bank account information, the service also has characteristics in line with hacker affiliate programs. Essentially, these offer money to other cyber criminals for spreading malware. This particular site offers extra dollar-credits to spend on the service when users hack more accounts. Users are told they can get 20% of what they sell in credits for hacking more accounts.

The domain that hosts the site is registered in Moscow. Panda Labs speculates that the cybercriminals behind the site are members of an Eastern European Internet Mafia. Payments are conducted through Western Union to the Ukraine. The site claims to have been around for four years, with only one percent of Facebook accounts deemed "hack-proof."

Facebook recently announced some big milestones. They have almost as many users as there are residents in the United States, and the company is now making money. It’s unfortunate that security issues continue to plague the site (and social media in general), and impede its true potential. It’s still easy to find people that are not using Facebook, and simply don’t want to because they don’t like having their information out there for people to see. Things like this aren’t going to do anything to change their minds.

Do you know people that are resistant to social media because of privacy and security concerns? Tell us.

Site Hacking Facebook Accounts for $100 a Pop
Top Rated White Papers and Resources
  • http://jonhappiness.blogspot.com jonharules

    As the technology advances so as the crime techniques. Social networking sites are huge targets because of the large amount of users and the TRUST given to them. Wow this site should be banned or something because it’s a downright campaign for thief.

  • Guest

    I don’t even feel my information is secure within Facebook.
    Facebook itself is the most dodgy community every, i would gladly leave there and delete all my information from their database if i COULD.
    I’m more concerned what facebook will do with my information than what any hacker could use it for tbvh.

  • Jon Peters

    Many times sites like this work as follows:

    1. The user who wants to enters their personal data, pays with a credit card.
    2. The ‘company’ sends the user a message saying sorry this particular account could not be hacked.
    3. The ‘company’ steals the information provided to them by the paying client and uses it for identify theft or sells it to an organization that does.
    • Jon Peters


      1. The user who wants to hack the facebook account of another, enters their personal data, pays with a credit card.

  • Stupidscript

    It would be amazing to me if Facebook used no encryption or relied on simple stuff like md5() for password storage. I have seen the video demonstrating how a hack of a Hotmail account might work (although goodness knows the video is plenty easy to fake), and that method/website depends on an md5() hash, which is well-known to be easily decrypted.

    Unless Facebook is using stupidly simple encryption in their databases, it seems hard to believe that any service penetrate the database, grab member data and then easily decrypt what it found.

    • Guest

      Do you even know what MD5 is? It is a hash – and cannot be decrypted.

      (Sure dictionary attacks are possible but thats a completely different thing.)

      • Stupidscript

        Not sure if you have been paying attention, but at issue is the revealing of account info on Facebook accounts. Facebook. Not a database where anything sophisticated happens. A dictionary attack would probably work just fine for the majority of accounts on Facebook. Just like the Hotmail account I referred to having been cracked in the YouTube video. Decrypted is decrypted by any means. WebProNews, probably not so easy.

      • Stupidscript

        Any algorithm that was capable of using a random salt would be better than md5(), which IS a very simple hashing algorithm. So that should help you with my statement about “simple” encryption methods on Facebook.

  • Guest

    I tried some ads on face book once then about 6 mo later balm! they hit my credit card for nothing so I took off what information I could and killed the card and never went back.

  • Guest

    Anyone who thinks that ANYTHING including your BANK INFORMATION, SOCIAL SECURITY RETIREMENT INFORMATION, HEALTH INFORMATION right down to anything YOU VIEW OR ORDER OR RESPOND TO is confidential is certifiable as ABSOLUTELY UNINFORMED! Nothing including this correspondence is “anonymous”. No move you make, no breath you take, online, is private. And the good news is this fantastic phenomenon is about to be deployed over your whole life OFFLINE! Like President Kenedy said, “Americans don’t do it because it’s easy. Americans do it because it is difficult”. RIP

  • Guest

    I dont think it is 100% safe iny any senerio on the net even email accounts can be infiltrated by hackers as I just found out. I had to literally close down one of my yahoo addresses because a hacker and he was using it to send poaching emails. I actually spoke to the person and asked him a few questions and copped a heap of abuse so I closed the account. Luckly there was ni personal kinfo exept my name and address listed there. SO EVERY ONE NEEDS TO BE CAREFULL No matter what they are doing.

    • Guest

      In reply I must say before leaving, you are correct. However, not nearly forceful or informed enough, so here’s a little something to conjure over morning coffee. Have you ever heard of “NIEM”? Well they are having a National Training Event in Baltimore from Sept 30 to Oct 2, ’09.

      Here’s a quote from their literature, “NIEM, the National Information Exchange Model, is a partnership of the U.S. Department of Justice and the Department of Homeland Security. It is designed to develop, disseminate and support enterprise-wide information exchange standards and processes that can enable jurisdictions to effectively share critical information in emergency situations, as well as support the day-to-day operations of agencies throughout the nation.”

      On the more sinister side, here’s a quote you most likley will not read anywhere but here. “One such domain currently engaged in NIEM is Justice. The Justice domain includes information of interest to governmental and quasi-governmental agencies whose functions relate to the reporting and investigation of crime, the apprehension of suspected offenders, the provision of services to victims and the general public, prosecution of those charged with criminal offenses, adjudication, pre-trial services, judicial processing and sentencing, and correctional confinement and supervision, among others. The Justice domain addresses the information of interest to disciplines such as law enforcement, prosecution, defense, correctional supervision (both institutional and community supervision), and the judiciary.

      Domains currently addressed in NIEM include Justice, Intelligence, Immigration, Emergency Management, International Trade, Infrastructure Protection, and Information Assurance. As success is achieved and demonstrated in these domains, it is anticipated that other domains, such as Health & Human Services and Transportation, will also participate in the development and utilization of NIEM standards.


      My rant is done. Just don’t be so willing to give up your freedom because you think it’s being protected. It’s not, and you are not. Privacy is the life blood of democracy and the wooden stake to the heart of those who would see you live in darkness, toiling away to pay off their debts. Stand up, take charge of yourself and LIE LIKE HELL ON FACEBOOK. IT DRIVES THEM CRAZY!

  • http://www.vicktrade.com Fania

    I haven’t visited my facebook accounts for many months, since it was blocked.
    But I don’t know what will be safe on the internet. when you bought something on the internet, when you type your payment information on that websites or else, it is very possible to be hacked, too. So I always keep thinking the safety of the internet has a hard job. How to make sure the privacy would be kept?

  • http://surveymoney.x10hosting.com tony

    I am a single mom and lost my job about 3 months ago due to a layoff. I was scrambling to find work and came across online paid surveys. I thought why not try it well to my suprise I made almost $2000 dollars last month doing surveys from home and I didnt have to spend a dime up front.

    This has saved my house from foreclosure and I wanted to share this story so that others with the same plight might do the same thing.You can work from home and make a living it does take a while to get up to $2000 a month. I made about $500 my first month and this is month 3.

    This is a legitimate paid survey opportunity with no upfront money needed.I have detailed exactly how I did this on my webpage here http://www.surveymoney.x10hosting.com you may have to copy and paste that but check it out I detail exactly how to this for free.

  • Ryan Kempf

    I think it will come down to this I think picture identification will be required before you login into any Social Network meaning that a picture will need to be taken every time a person logs into their account in addition to that a thumb print will be taken I believe that would be the safest way to login

  • http://www.allworldindex.com I give free links to good sites

    I don’t feel my information is safe on any site. That’s why I am very careful about giving out my information. Never trust anyone or anything, that’s the best way. As for that site that will help you hack into an account, they should be put in jail, that is basically breaking and entering.

    I think it’s true that only 1% of sites are unhackable, these hackers are smart people, they live to hack, that’s all they do is work on hacking

    I don’t think anyone is thinking security, they are thinking how much money can they bring in. I feel that most of these social networking sites are just simple thrown together sites with little security.

  • http://www.washingtonmonthly.com Neil B ?

    My whole FB page is messed up. I can’t see my mail, post comments, reach the chat, etc. They put out a notice that many people couldn’t see their Inboxes, but my problem is worse than that. I give credit for this: I put out a complaint, and got email back from them the next day. I don’t know how good the security is, but it shouldn’t be as hackable as this article implies.

  • jp merlano

    Nothing online is safe. You must systematically adapt your self to only share with others online what can’t come back to you and hurt you to include identity theft. I recycle my passwords periodically. Also, I report my credit cards lost periodically in case my cc have been cloned. In summation, be smart. If you have not done so, GET SMART!

  • http://www.amazing-health-products.com Kerry

    Why do people put their “private” information on FaceBook anyway? When they ask for a birth date, why put in your real one? Who cares how old you are? Most of the people you connect with are your friends and they know how old you are? If it is for birthday announcements or cards, put the date, but screw up the YEAR! FaceBook is FREE so there should not be a need to add credit card information. If you are buying ads, then you are on your own. There are FREE ways to promote your business on the internet and so no need to buy ads on FaceBook and risk giving up your credit card information to just one more site when you have no idea how safe it is. Shipping information, Mailing addresses, phone numbers and names are public knowledge so there is no reason to hide those. Minors, however, should NEVER give out their addresses or phone numbers even to people they know since they don’t know who is watching and listening and minors are not listed in public records. Be sure to resize and resample any pictures you upload so that they will not print clearly. You can resample pictures so that they look fine on the computer screen, but when printed they are grainy and blurry and of poor quality so that they cannot be re-used by anyone in print and are very hard to match if someone tries to super-impose them into other pictures — the match has to be perfect or the final image will look fake. So save a good copy of your images and put junky ones up on the websites you are members of. If you want to chat about personal stuff, use the phone!!! gee, what a concept — the telephone!! If you want to buy something on the internet, either only buy from familiar companies, or to be more secure, USE THE PHONE AND CALL IN YOUR ORDER. shees.

    • John

      That is hilarious! So calling someone who is in a call center with hundreds of other people listening, repeating your credit card number out loud is safe, huh? When you enter your info in a secured form, no human ever actually sees it. It can be hacked, but don’t you think the companies you call, also keep their information in a networked environment? Understand the technology before bashing it.

  • JK

    I was reluctant to use facebook, but everyone kept saying I should be there. When I did, and left my page alone for a week due to being busy, others on my contact list were starting to get malicious content from my facebook account. I think I will remove it now. It hasn’t done me any good to be exposed in this way and I do not feel safe. I’m grateful to this article and others pointing out the fact that social media just doesn’t have the answers to protection yet.

  • http://officialsafetyandsecurity.com Official Safety and Security

    Safety and security are an illusion ANYWHERE. The internet and social sites are just the new frontier for it. That’s why I published a web site dedicated to safety and security products. Stopping hackers is a specialized field but too often we take our off line safety for granted. How often do you hear people who were mugged, raped or burglarized say they didn’t see it coming. Criminals are all around us. Why does it surprise us when our FaceBook account gets hacked. We all need to be vigilent to protect ourselves and our loved ones both on and off line. Thanks, Chris.

  • Guest

    oops! Well, I did feel safe on facebook ( because I have settings for friends only) but after reading this article, I don’t feel safe now!

  • Guest

    From everything I had heard about it from other people, I had decided it was NOT for me!
    Which turned out to be a good decision! I don’t believe anything is too safe!

  • http://www.piedesigns.co.za Kevin

    Personally I think the apps that are allowed to integrate into or with Facebook should be screened far more rigorously. Facebook like MySpace have apps that are available that are truly in bad taste & particularly inappropriate for kids.
    All social networks are for business become an integral & important part of marketing, they should however start doing things better taste.

  • Virginia

    I don’t post anything I wouldn’t want the world to see. Why would anyone post anything private on a site like FB?

  • http://www.zerovib.com Bounce House

    I received the worst virus ever a few months back when I opened a video that I was lead to believe that one of my “Facebook Friends” had sent me. It completely distroyed everything in my computer.

    But the worst part is that once I opened it, it grabed my list of friends and sent it to them as if it were coming from me!

    I was able to warn most of my friends but not all. That was a terrible feeling, worse than losing my own computer.

  • Guest

    One of the emerging problems will be the single sign on identity protocol that more SM sites are adopting.
    You store one userid and password at the SSO site and use it to register userid/password at supporting sites.
    While convenient it provides a single point of attack.
    It is part of MSFT/Yahoo/Google initiative and plays a big role in Open Social APIs that allows one app to work on any site that supports OSAPI.

    Another FB problem is the scanners that pull your public profile data and links to your friends.
    These spiders collect what is exposed to create a virtual image of you and your network.
    If these spiders also get your userid/password, they can crawl all websites with user login features that also support SSO.
    There is a good chance that they will either match on uid or password or both.

    The best solution is to create an alternate persona (different name) and use this for SM site registration and never use the same password.

  • http://clonehigh.net David

    Oh my god, one of my sister’s boyfriends did that and hacked her account, this is for crazy people only.

  • Rio – Indonesia

    For the money a lot people is going crazy and think short, They hacking FB because there is a chance to hack, and feel proud what their did. They don’t think that social community is more than important than $100.

  • http://www.thefreemoneyhub.com freemoneyhub

    i was subscribe to your feeds but upon reading this to my email i was shocked facebook must do something about this i thought they have all the best security features being the no. 1 social networking site

  • Rockman

    Are you serious? Security on social networking sites? You don’t need to hack what is already publicly available. What do you expect when you put personal info on the Web for thousands of “friends” to see. Besides, FB defaults to “share my info with everyone” and the “give us access to your address book so we can help you find your friends” is an option many unknowingly choose.

    Call me square but social networking sites are for students, slackers, or celebrities’ publicists (“wow, ashton kucher has a trillion followers!!”). Between work, hobbies (triathlons, not online gaming), and family who has time to dick around with vanity sites. Losers deserve what they get.

    • Guest

      I’m not going to call you square – ignorant perhaps, a jerk maybe, but not square.

      “Call me square but social networking sites are for students, slackers, or celebrities’ publicists (“wow, ashton kucher has a trillion followers!!”). Between work, hobbies (triathlons, not online gaming), and family who has time to dick around with vanity sites. Losers deserve what they get”

      So anyone who uses social networking is a “loser”? Are YOU serious? I may not train for triathalons – and I seriously doubt that you actually do either – but I do spend quite a bit of time with my family, put in 40+ hours at work each week, and yes I still have some small amount of time to play around on facebook. But I guess because I don’t train for triathalons I’m a loser… yeah, whatever dude.

    • Guest

      hmmm… the fact you mention wow in you comment tells me, that you are in a gaming world of social networking, and paying 16.00 per month for the right…

  • http://www.facebook.com Guest

    Why not beat the middle man. Put a note on your face book stating that there is no need to pay hackers $100 for your information, you will do them a special offer $50 payable directly to you for your OWN personal details on facebook!
    probably make 10 times what you would get with normal advertising & no outlay!
    Anybody that puts exact true details of themselves in a public place deserves what they get,so before putting in the add make sure you make some variations including photographing complete strangers at odd angles, other peoples weird pets & anything else you can think of.

    • http://www.electron-world.com richard

      Why is it one percent of Facebook accounts deemed “hack-proof.” What are these one percent doing that we can all learn from and make facebook a safer, securer experience. ….?

      • Stupidscript

        Passwords that are susceptible to dictionary attacks = 99% of Facebook passwords … probably. The rest of them are too randomized for such an attack, and are therefore immune from it.

  • Guest

    that bring out the anti-social networking crazies, the anti-internet crazies (which are a truly pathetic and hypocritical group), the alarmists, and the misinformed…

    I’m not saying that the article is wrong but all of you who post here and say social networking is a waste of time, that people who use social networking are losers, who say “what’s wrong with using a telephone” (as for THAT one, I’m pretty sure that when telephones first became a household item there were those tiresome hidebound old windbags who asked “what’s wrong with writing a letter?”… the more things change…) I mean come on! If YOU don’t want to use social networking, then GET OFF OF THIS FORUM! Yes indeed, this very forum you have pontificated in about the evils of social networking is indeed a social networking site… anytime an internet site allows user comments it’s a form of social interaction on the internet – those of you who say social networking is a waste of time guess what your hypocritical sorry butt did instead of training for a triathalon? Hmmm, so who is the loser now?

    There are some legitimate concerns that some have brought up but by and large all some people have done here is rant about how evil social networking is rather than say anything bad about the jerks who have this hacking site. And me, I’m just here to point out the hypocrites.

  • http://ronaldredito.org/blog/ Making Money Online With Ronald Redito

    Talking about security, this is becoming alarming. I also have a problem on my Facebook account. I cannot access the chat option on the lower right of the page. There is only a triangle with an apostrophe on its center.

    What seems to be the problem?

  • http://www.besttiffanynow.co.uk Guest

    Thank you for your sharing.Tiffany
    Tiffany 1837

  • http://bajaca.nl Bartjan

    Why doesn’t facebook simply create a account, pay $100, check all the logs to see how (if) they hack the account. And then create countermeasures.
    At least that’s what I would try.

    • Guest

      Most likely they are using a dictionary hack and brute forcing the password. I have read that a 6 digit password, letters and numbers takes a good computer about 3 seconds to find by guessing.

  • http://linkbuildingmart.com Complete Link Building

    Thanks To shearing ….

  • Guest

    I do believe that FB takes certain liberties with our information but, hey, change the setting to ‘friends only”. I don’t like that I can read what my friends write on other friends walls, I don’t like the language that is used and some of the ‘group’ pages and ‘gift’ pages are downright disgusting. Guess what, I don’t join those groups or send those gifts. Yes, I think FB should protect us against hackers but as a reader previously commented, it is all in the public domain – UNLESS YOU CHANGE YOUR SETTING!

  • Beck

    I believe that anything online can be hacked. FB just makes it easier for the hackers, because everything is already gathered on profile pages. Sure, we can set our FB security settings, but what good will it do if a hacker can get in and retrieve our passwords and other personal info in just under five minutes? Obviously, FB is there for its own earning potential, it’s not there to protect its users. They claim to be “working” on improvements, but they are only working on promotion as far as I can tell. Great marketing department, perhaps it now can be considered false advertising, since it’s really luring innocent victims (albeit per their own stupidity) to be set up for more online vulnerability.

    The other thing that amazes me however, are the stupid things that people will post on FB. They are exposing family members in pics, and putting out information about personal schedules, what they are doing, where and when they are doing it, and in many of those pics, all their personal belongings are showing in backgrounds of their pictures. A savvy thief could be watching and waiting for these folks to announce that they are going on vacation. This can be more than just an identity theft issue, it can bring the bad guys and hackers physically into the house. Given the choice, it’s not good either way.

    FB is scary to me. I don’t trust it as far as I can throw it. It’s actually a great connection tool, but too bad it leaves most of its users very vulnerable to attack from many different directions. And, I won’t even get into the psyche problems this is nurturing. I’m sure the online addiction rate has skyrocketed with this stuff, not to mention the incredible amount of time and energy that is now being wasted, especially with folks who are supposed to be working or studying. People just do not have the knowledge anymore or the discipline to control their time with such a tool.

  • http://www.faceformers.com Brenda B

    I definitely don’t feel that my personal info is safe on social media sites. I think it’s time for a new and improved social media site that links all social sites into one gigantic site so that I don’t have to keep switching to the latest and greatest social site.

  • Abeng

    may i know your cp,please send an email.tq before..

  • Guest

    no I don’t feel safe at all my facebook account is hacked and hacker is asking me for $50
    and my e-maik is stolen too. I contact facebook over and over to solve my problem still no respond , so how can I stop that ?



  • Steve Ward

    Just because a shady website CLAIMS it can hack into a given Facebook site, doesn’t mean there’s any legitimacy to the claim. Does Chris Crum have any stats on how many Facebook sites have actually been hacked?

  • http://deck-boards.com Deck Boards

    Come on Chris, ask your boss for a hundred bucks and try the service and tell us if it works. You can do this without breaking the law by hacking an account you have permission to, like a co-worker, or your own.

    How about you tell us what the site is a we’ll try it?

    It should be really easy to tell if it works or not.

    what’s up with PandaLabs? they couldn’t set up a few FaceBook accounts and try the worst of this, the spreading malware thing. I mean damn, is that how they do the rest of their testing? Not exactly fostering confidence. the whole project would take a few days and cost a few hundred bucks, including labor.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom