Security company Trusteer has discovered a ‘factory outlet’ selling user logins for Facebook and Twitter harvested as a sideline during attempts to steal online bank credentials.

The most valuable stolen logins are always for online banking sites but increasingly bank Trojans such as Zeus appear to be recording logins for other sites in case they turn out to be valuable.

Trusteer noticed two cybercrime operations selling these lower-value logins in bulk using underworld advertisements. One of these even adopted US sales parlance, describing what it had to offer as being a “Credential Factory Outlet Sale” that could supply 80GB of stolen data.

As well as Facebook and Twitter (useful for creating spamming accounts), the criminals offered account logins for a web hosting admin system cPanel, useful for anyone wanting to hijack a website to host malware.

It seems that criminals now want to harvest every login they find on a victim’s computer on the basis that it will have some value to somebody at some point.  

“This latest development provides a window into the vast cybercrime aftermarket that has risen up on the internet and been made possible by sophisticated malware,” said Trusteer CTO, Amit Klein.

“Whether it’s bulk drive-by download infections, bulk login credentials, pre-built web-injects, etc., criminals today have an unprecedented arsenal of tools at their disposal to attack banks and enterprises.”

Trusteer said it had contacted the companies affected by the login-stealing, receiving a response from Facebook that it now employed security to “validate” logins backed up by on-demand malware scans.

But Facebook logins are being stolen with ease. Only weeks ago, an Israeli hacker released 100,000 belonging to Arab users as part of a tit-for-tat digital war between the country and in neighbours.