We reported a few weeks ago that a hacker going by the handle 'Kirllos' had managed to acquire the credentials of 1.5 million Facebook accounts and was selling them at unbelievably low prices in certain black market forums. He reportedly sold close to 700,000 accounts in a short time. There was no conclusive evidence pointing to the legitimacy of Kirllos' claims or of the accounts themselves, according to VeriSign.
ComputerWorld reports that Facebook has identified the real persona behind Kirllos. According to Facebook spokesman Simon Axten, "We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor." Axten won't name names, but he will confirm that the hacker was based out of Russia, and that the 1.5M number is hugely exaggerated. He is a Facebook hacker - Axten confirms that he does indeed have credentials from many Facebook accounts - but he was only using basic social engineering, phishing, and malicious code placement, and likely only successfully discovered a few thousand credential pairs.
Facebook has reset the passwords of the accounts known to have been hacked by Kirllos, and they are trying to cooperate with Russian authorities to help take down Kirllos by releasing everything they know about him to Russian law enforcement. However, it is infamously hard to prosecute Russian hackers from the US, and Kirllos doesn't seem to be making himself an easy target. He all but vanished once the initial offer for the accounts went up, and he shied away from Facebook officials trying to contact him for account purchases.
Image courtesy of Hardwaretricks.