'Spam king' hacked 500,000 Facebook users, sent 27m spam messages

Posted Aug 26, 2015 by James Walker
A Las Vegas man who called himself the 'Spam King' while he used phishing attacks to gain passwords for 500,000 Facebook accounts before sending over 27 million spam messages has pleaded guilty in court.
TechSpot reports on the case of Sanford Wallace, the self-appointed "Spam King" who has been active since the early nineties. Back then, Wallace sent junk faxes to unsuspecting victims but his efforts quickly formed into the notorious Cyber Promotions.
The company became one of the most prolific sources of spam email that the Internet has ever known. Wallace became known as "Spamford" but simply accepted the name, even registering "" to make it his own.
From November 2008 to March 2009, the Spam King set his sights on Facebook users. Using phishing emails to steal login credentials from around 500,000 users, Wallace accessed the accounts to send over 27 million unsolicited messages over the three month period. The spam was crafted to appear as though it came from friends of the victims.
A press release from the FBI says: "According to the indictment, from approximately November 2008 through March 2009, Wallace executed a scheme to send spam messages to Facebook users. Those messages compromised approximately 500,000 legitimate Facebook accounts, and resulted in more than 27 million spam messages being sent through Facebook's servers."
Facebook took action from 2009, starting a lawsuit against Wallace and two other messaging spammers. Wallace was ordered to pay Facebook civil damages of $711 million but he escaped the charge by filing for bankruptcy.
A court totally banned Wallace from accessing Facebook's servers in March 2009. He violated the order just a month later by logging into his account during a Virgin Airways flight. Further violations occurred from January 2011 to February 2011 as he created an account under the name of "David Sinful-Saturdays Fredericks".
In 2009, Wallace was ordered to pay MySpace $234 million because of similar phishing attacks. In 2006, his company smartBOT was hit with a $4.1 million fine from AOL and Concentric Network due to installing spyware on computers. He has also used the names "Spamford Wallace" and "David Frederix".
Wallace could face a three-year prison sentence and charges of up to $250,000 when sentenced on December 7. He was released on bond on Monday after pleading guilty to the charges of fraud, illegal accessing of computer systems and criminal contempt in connection with electronic mail.