Facebook has been awarded $711m after the social network launched legal action against a spammer that stole log-in details of its users.

Sanford Wallace was sued by Facebook in February along with Adam Arzoomanian and Scott Shaw for allegedly obtaining the login credentials. The accounts were then used to send spam to those users' friends starting around November 2008.

The spam either linked to other phishing sites that sought to collect more Facebook account credentials or linked to other commercial websites that paid spammers for referrals.

Facebook "doesn't expect to receive the vast majority of the award", said a company blog. According to court filings, Wallace filed a bankruptcy petition in US Bankruptcy Court for the District of Nevada earlier this year, although the petition was eventually dismissed.

However, the US District Court for the Northern District of California has sent a request to the US Attorney's Office to prosecute Wallace for criminal contempt. The court came up with the $711m figure by awarding $50 per violation of the CAN-SPAM Act.

Wallace is alleged to have violated a temporary restraining order issued on March 2 as well as a preliminary injunction granted on March 24. The orders banned Wallace, Arzoomanian and Shaw from phishing and spamming on Facebook.

"In addition to the judgment, he now faces possible jail time," said Sam O'Rourke of Facebook's legal team. "This is another important victory in our fight against spam."

Facebook is not pursuing claims against Arzoomanian and Shaw. The company may choose to close the file once the default judgment is entered against Wallace, the court filing said.

In May 2008, Wallace was found guilty of violating the CAN-SPAM act and was ordered to pay $230m for spamming and phishing on MySpace. The spam led to gambling, ringtone and pornography sites.

Broadband speed test

PC security advice

See also: Facebook asks users to approve privacy policy