Facebook has been targeted by a phishing scam, with people who clicked on links out to fake sites inadvertently giving their passwords away.
The scam saw already-compromised accounts used to send out emails to thousands of friends with a link to a dummy site that looked like Facebook.
This site then urged the person to log in, thus extracting the user's password.
Cleaning it up
Facebook spokesman Barryt Schnitt told Reuters that the site was now cleaning up the problem, although no word on how many accounts were compromised was forthcoming.
References to the fake domains include www.151.im, www.121.im and www.123.im. Have been removed from the site.
The compromised accounts may well have been used, at a later date, to spam adverts for products.