The Facebook credentials (e-mail addresses and passwords) stolen by an Israeli hacker, who calls himself Hannibal online, last week were in the order of tens of thousands. Although he claimed to have posted some 185,000 stolen accounts, it turned out he had posted fewer than 50,000. Furthermore, Facebook today confirmed with me that the majority of those were invalid and half weren't even related to the social network at all.
"This does not represent a hack of Facebook or anyone's Facebook profiles," a Facebook spokesperson said in a statement. "We have spent time investigating the information and have determined fewer than a third of the credentials were valid and almost half weren't associated with Facebook accounts. Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analyzing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works without legal team to ensure appropriate consequences follow. People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook."
Hannibal obtained tens of thousands of Facebook credentials. He claimed to have first posted 20,000 logins on Sunday, then 30,000 logins on Monday, then 10,000 logins on Tuesday, and 25,000 logins on Wednesday. He went quiet on Thursday. On Friday, he warned everyone that something big was coming and then posted what he claimed was 100,000 more Facebook logins. Furthermore, he announced he will not be posting again because "the Arab hackers are gone" and then declared victory.
As I've already noted, Facebook's automated systems somewhat help fight against such attacks. The company locks down accounts if they're accessed from unrecognized devices or locations. If you're the owner of the account, you'll have to go through the process of resetting your password so that you can access it again, but the likelihood of someone tampering with your Facebook account since they have your e-mail address and password is significantly diminished. Nevertheless, if you think you could be one of the affected Facebook users, or even if you're not sure, go change your Facebook password now. See this quick guide: How to change your Facebook password.
Hannibal's postings were part of a long string of attacks in the Middle East, where a a hacker war began on January 3, 2012. The attacks have more or less subsided in recent days.
Although Hannibal has apparently called it quits for Facebook, he is not done. The "legal authorities" have suspended his e-mail address, but he simply created a new one and is now interested in targeting Iran, according to his latest Pastebin post from last night:
Wanted: members of the military and spies from Iran who want me to leak information, military documents of the Iranian Army (Anonymously of course) Especially on the nuclear reactor.
I would like to increase my database to hit as many Third World War in Iran occur for another year I think that... all Jews and Israelis Please send me interesting data about Arabs, such as deer documents, credit cards, bank accounts, private individuals, emails and so on. If you wish, I will post your nickname..
Please co-operate, it is very serious project. We already have nine members in this project. If you hate Iran, please cooperate!
The legal authorities have closed my old email, Please send emails to firstname.lastname@example.org, no email@example.com. contact email : firstname.lastname@example.org ( just copy it )
It looks like this hacker war in the Middle East is far from over.
- Israeli hacker steals 85,000 Facebook logins from Arabs
- Israeli hacker posts '100,000' more stolen Facebook logins
- Facebook: most hijacked logins by Ramnit were invalid
- Facebook virus or account hacked? Here's how to fix it.
- Facebook blocks 200 million malicious actions daily
- Facebook partners with Websense to scan URLs for malware