A hacker is peddling 1.5 million Facebook accounts at low price of US$0.25 apiece.
According to reports online, a hacker calling himself Kirllos has put up the large volume of Facebook user names and passwords on an underground hacker forum.
Against the total number of Facebook users, this is estimated to account for one in every 300.
VeriSign's iDefense group found Kirllos' post and pegs the number of accounts sold so far at 700,000.
iDefense did not provide confirmation on whether the accounts are legitimate, but the security company said this follows a trend of hackers stealing social networking IDs from global networks such as Facebook.
Randy Abrams, director of technical education with security firm, Eset, pointed out in a statement that scams practised over social networking sites are able to dupe more people because victims are more trusting, thinking the sender is a friend.
According to Symantec's Internet security threat report for April, the estimated cost of e-mail IDs and passwords typically go for between US$1 and US$20 per account. Credit card and bank account credentials can go up to US$30 for credit cards and US$850 for bank accounts.
This makes Kirllos' asking price of US$25 to US$45 per 1,000 accounts much lower in comparison.
Facebook has been the target of numerous hacking attacks over the last few years. Last month, McAfee warned of an e-mail going around that contained a Facebook password-stealer. Last year, a phishing scam sent a round of private messages to Facebook and Twitter users, with a link to a malware site.