Criminals typically use Facebook accounts to send spam, send links to malicious software and to commit fraud.
Facebook accounts contain personal information that can be used to commit fraud. Facebook is attractive to fraudsters because of the high level of trust in the site.
In February alone, a hacker using the name "kirllos" tried to sell log-in credentials for 1.5m Facebook accounts through online criminal sites, VeriSign's iDefense division told The New York Times.
Kirllos has sold log-in data for about 700 000 Facebook accounts, according to iDefense estimates.
The hacker was charging $25 for 1000 Facebook accounts with 10 or fewer friends and $45 for accounts with more than 10 friends.
The inclusion of many accounts with small numbers of friends suggests the seller could have created fake accounts using an automated tool, said iDefense.
But Facebook founder Mark Zuckerberg said the social networking site has sophisticated ways to defeat fake accounts and he doubted the hacker's claim to control a large number of them.
Rapid-fire friend requests in a short timespan and a high percentage of ignored friend requests send alerts to administrators, Facebook said.
The firm also said an agent tried to buy some of the accounts on offer, but the seller was unable to come up with the goods.
This story was first published by Computer Weekly