Facebook users were warned today to be extra vigilant, after it emerged that criminals are running an online password hacking service, charging just $100 (£61) per account.

Researchers at security vendor PandaLabs discovered the site, which displays the message: "With our site you can hack any Facebook account that you need. Our server uses revealed 'holes' in Facebook.com protection and gets access to databases of all users."

However, it is still unclear whether the site, which is hosted on a domain registered in Moscow, has been set up to scam visitors into parting with their cash or whether it can actually return real Facebook passwords if users pay the fee and enter the relevant account ID.

"In any case, the web page is very well designed. It is easy to contract the service and become either the victim of an online fraud or a cyber-criminal and accomplice in identity theft," said PandaLabs technical director Luis Corrons.

"Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen. Similarly, those accounts can be used to send malware, spam or other threats to the victim's contacts."