There are several reports stating that one and half million Facebook accounts are for sale on an underground forum by a hacker calling himself Kirllos, which equates to about 1 account in 300 being up for grabs. VeriSign's iDefense group estimates that almost half of the accounts have been sold already.
Kirllos' is asking $25 for 1,000 users with less than 10 friends or $45 for those with eleven or more. This is quite cheap given that e-mail IDs and passwords typically go for between $1 and $20 per account, and credit card and bank account credentials can go up to $30 for credit cards and $850 for bank accounts.
As usual, Facebook users should check their passwords.