Cybercriminals are selling fake and stolen accounts on social networking site Facebook in bulk in the underground economy, according to security researchers.
Criminals typically use Facebook accounts to send spam, send links to malicious software and to commit fraud.
Facebook accounts contain personal information that can be used to commit fraud. Facebook is attractive to fraudsters because of the high level of trust in the site.
Kirllos has sold log-in data for about 700,000 Facebook accounts, according to iDefense estimates.
The hacker was charging $25 for 1,000 Facebook accounts with 10 or fewer friends and $45 for accounts with more than 10 friends.
The inclusion of many accounts with small numbers of friends suggests the seller could have created fake accounts using an automated tool, said iDefense.
But Facebook founder Mark Zuckerberg said the social networking sit has sophisticated ways to defeat fake accounts and he doubted the hacker's claim to control a large number of them.
Rapid-fire friend requests in a short timespan and a high percentage of ignored friend requests send alerts to administrators, Facebook said.
The firm also said an agent tried to buy some of the accounts on offer, but the seller was unable to come up with the goods.