Facebook boosts security after worm steals logins
The social network claims the Ramnit-acquired data is out-of-date, but still improves security and takes remedial steps.


Facebook has pledged to improve security after login information was purportedly stolen by a nasty piece of malware.
Researchers from Seculert claimed over 45,000 Facebook logins had been acquired by cyber criminals running the Ramnit worm.
Most of the logins were of users from the UK and France, Seculert said.
Ramnit, previously regarded as a largely financially focused malware family, is believed to have infected around 800,000 machines between September and December 2011.
"Our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials," a Seculert blog post read.
"We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cyber criminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."
Having received the data from Seculert, Facebook said the majority of it was "out-of-date." Nevertheless, it has taken steps to alert affected users and improve security on the site.
"We have initiated remedial steps for all affected users to ensure the security of their accounts. Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices," a spokesperson told IT Pro.
"People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information."
Facebook has been quick to rebuff security scares before. In October last year, reports suggested a group calling themselves Team Swastika had stolen 10,000 account logins.
The social network quickly noted the details did not relate to any active accounts.
Later that month, Facebook rejected claims that 600,000 accounts were being compromised every day.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.