A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1000 IDs for users with fewer than 10 friends and $45 per 1000 IDs for users with more than 10 friends — according to researchers at VeriSign's iDefense. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.

Information for sale includes login credentials; whether or not the e-mail addresses and passwords are legitimate is currently unknown. Typically, this information would be sold for between $1 and $20 per account, according to data from Symantec. Currently, around 700,000 accounts have been sold. The threads where the accounts are being sold have been removed, as far as we are able to tell.

The users whose e-mail addresses and passwords have been compromised risk having their identities stolen, but they could also become targets of more insidious scams. As always, we will keep you updated about any Facebook scams that come across our news desk.

Hacking Facebook isn't a new hobby for this person. Here's a screenshot of another offer the hacker made on a forum earlier this year; at that time, he was selling 100,000 hacked accounts from users around the world:

Kirllos also appears to have had an interest in iPhone applications at one point. According to some Antichat.ru forum users, he was born in Russia, lives in New Zealand, is 24 years old and speaks both English and French.

It's generally a good idea to change your password periodically. It's also advisable to ensure that your social networking passwords are all different and to generate difficult passwords that include numbers, capital letters and special characters, if at all possible. Roboform, PassPack and KeePass are a few free or affordable resources to help you manage your online passwords in a secure fashion.

Additionally, our friends at Facebook recommend taking the following precautions:

Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 and Firefox 3.0.10.

Choose unique logins and passwords for each of the websites you use.

Check to see that you're logging in from a legitimate Facebook page with the facebook.com domain.

Be cautious of any message, post or link that looks suspicious or requires an additional login, even if it's coming from a friend.

More tips on securing your account can be found at Facebook's official Security Page.
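The facebook.com domain check from the list above can be made precise in code; the following is an added example, not from Facebook or the original article. The function names, the HTTPS requirement and the sample URLs (constructed, using the reserved `.example` domain) are assumptions made for illustration.

```javascript
// Added example: decide whether a login URL really belongs to facebook.com.
const TRUSTED_DOMAIN = "facebook.com";

// Weak check: "facebook.com" appearing anywhere in the string proves nothing.
function naiveCheck(rawUrl) {
  return rawUrl.includes(TRUSTED_DOMAIN);
}

// Strict check: compare the parsed hostname, not the raw text.
function isTrustedLoginUrl(rawUrl, trustedDomain = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, the same host extraction browsers use
  } catch {
    return false; // unparseable input is never trusted
  }
  // Assumption of this example: a login page must be served over HTTPS.
  if (url.protocol !== "https:") return false;
  // "trusted-name@real-host" puts a familiar name in front of the real host.
  if (url.username !== "" || url.password !== "") return false;
  // hostname is already lowercased and IDNA-encoded; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match, or a subdomain delimited by a dot ("notfacebook.com" fails).
  return host === trustedDomain || host.endsWith("." + trustedDomain);
}

// Constructed sample URLs.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.login.example/",         // trusted name used as a subdomain
  "https://www.facebook.com@login.example/",     // trusted name in the userinfo part
  "https://login.example/facebook.com/login.php", // trusted name in the path
  "https://notfacebook.com/",                    // suffix match without a dot
  "https://f\u0430cebook.com/",                  // Cyrillic "а" homograph
];

// Returns one row per URL so the two checks can be compared side by side.
function compareChecks(urls = SAMPLES) {
  return urls.map((u) => ({
    url: u,
    naive: naiveCheck(u),
    strict: isTrustedLoginUrl(u),
  }));
}

console.table(compareChecks());
```

Only the first sample passes the strict check, while the substring check accepts four of the five lookalikes.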

[img credit: @mikkohypponen]