Christopher Boyd blogs:
Below is a rather bland FarmVille phish that was brought to my attention by a friend who had it posted to their Facebook account. The entire page is blank save for the fake login.
[…]
Nothing spectacular, I’m sure you’ll agree. However, we did a little digging around on the same URL and came across a large collection what the site claims are stolen Facebook logins dating from July right up to today.
Read more on SunbeltBlog. Note that in a comment, it says that this has been reported to Facebook and all those affected are having their passwords reset. Of course, in light of the new malware going around with the subject line that “Your Facebook Password has been reset,” this could be a recipe for more problems.