Full Disclosure mailing list archives
Re: [OT] How much a million facebook passwords would cost?
From: Grandma Eubanks <tborland1 () gmail com>
Date: Thu, 1 Nov 2012 09:39:49 -0500
You guys are discussing something different than the original question. The original question asked for a million username/passwords, not a million valid email addresses. Let's say we get across the verification stage and we find these are valid usernames/passwords at the time and there's no issues with logging in from a different ip or someone found a way around that (mobile). What could we do with a million valid logins? We could check all of the users for duplicate passwords on other sites. Most especially hoping for emails duplicates. Then attack accounts with valid card credentials and no more verification than a password like Amazon. We can crawl it for business accounts or business users we'd like to attack. ->Business accounts for attacking the company's name ->Individual users for attempting to bait them into a better spear phish by abusing their friends We could use it for massive profile spamming by having them post a link somewhere. We could use it for a drive-by campaign by using the same as above, but linking to our own malicious site. We can download their entire facebook lives at the click of a button including private messages, private files, etc. Popperazzi asses can use it to attempt to find celebrities and print out their entire lives to the world. Private photo leaks and all that. Or just drive-by campaign again using celebrity posts about female private nude pictures available at, free music available at, free movie x available at, etc. In fact, a better way to sell it would be to find businesses or high rated people so you can say dump includes: x business with 2k friends y celebrity with 10k friends z musician with 3k friends Instead of just a million individual regular users, that would get more traction on the sales end. All in all, I think it would be best to sell it in bulk or searchable deals. Have an interface search to see if a name is available in the dump then offer individual prices. Or list out the accounts with the most friends. $5 for a regular individual and then have quantifiers for friends of celebirty, business, musician, etc. accounts. $50 * k, where k is the thousands of followers. Then offer bulk rates at 10k regular individuals each for $300-$500. The more you do your own research on what you have, the more profit you could make out of it. On Wed, Oct 31, 2012 at 10:23 PM, <ramo () goodvikings com> wrote:
Not a whole lot it would seem... http://www.forbes.com/sites/andygreenberg/2012/10/25/facebook-investigating-how-bulgarian-man-bought-1-1-million-users-email-addresses-for-five-dollars/ Ramo On Thu, Nov 01, 2012 at 12:37:13AM +0530, Memory Vandal wrote:You buying or selling? MemoryVandal On Wed, Oct 31, 2012 at 10:03 PM, Georgi Guninski <guninski () guninski com>wrote:We are discussing this question: How much a million facebook passwords + lusernames would cost? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJQketPAAoJEAXQWoW8lug/oDAH/Rr1qSGeYVPrXULOFcxCiSjV UperpZnrFlpBT4OOXQ0CfP45EUcnmTG6Nd5zcM2hLkvnd1mBWx4/PlYsKvqtqSnS nvA1j5IyQeyX7X6kXEoIayNbgHBwrXYuIB6YtQw0np1rmLbLlRQG9Xb98fBLHI/9 WeP1uYvEM+4oPIJhh117BimzLGQ0nLymFyiqdXruzFiUHm9rlyTgKXxqij8sij/1 fIO5T2R9OAnwMppy+Nx8bfZbh6M5N2UdF9NyQiuwNjydGsQMy5lfbaZUsupQc2hh UmRc18hEbe82diEoTkMMSfCt3S1fgmQMSaDocuXVJFcbUTsc85N2JJzbRAzBVKU= =RAq9 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [OT] How much a million facebook passwords would cost? Julius Kivimäki (Nov 01)
- <Possible follow-ups>
- Re: [OT] How much a million facebook passwords would cost? Gonzalo Brusella (Nov 01)
- Re: [OT] How much a million facebook passwords would cost? ramo (Nov 01)
- Re: [OT] How much a million facebook passwords would cost? Grandma Eubanks (Nov 01)