Israeli hacker posts '100,000' more stolen Facebook logins

Israeli hacker Hannibal claims to have stolen another 100,000 Facebook logins from Arab users of the social network. A quick analysis shows that the number is actually closer to 20,000 accounts.
Written by Emil Protalinski, Contributor

Update: Facebook: most logins hijacked by Israeli hacker were invalid

An Israeli hacker, who calls himself Hannibal online, has once again obtained tens of thousands of Facebook credentials (e-mail addresses and passwords). This time he's claiming to have access to over 100,000 Facebook accounts belonging to Arabs. He has also announced he will not be posting again because "the Arab hackers are gone" and he has thus declared victory.

If you think you could be one of the affected Facebook users, or even if you're not sure, go change your Facebook password now. See this quick guide: How to change your Facebook password.

Just like he did in the last four releases of accounts, Hannibal is using Pastebin, a simple website that allows anyone to upload text (usually code) for public viewing. This time though, he's divided the list into four parts on Pastebin and has also put them all in a text file, which he then uploaded to multiple file hosting websites.

Earlier this week I wrote about how Hannibal claimed to have obtained the Facebook credentials (e-mail addresses and passwords) of 85,000 "helpless Arabs" and then posted them on Pastebin. Here's a relevant excerpt:

In addition to millions of e-mail accounts, bank accounts, and credit cards, tens of thousands of Facebook account credentials have been stolen. He first posted 20,000 logins on Sunday, then 30,000 logins on Monday, then 10,000 logins on Tuesday, and finally 25,000 logins on Wednesday. On Thursday, Hannibal went silent. I quickly checked, and it seems to me that Hannibal is grossly overestimating the number of accounts he is posting: he has uploaded nowhere near 85,000 account credentials.

I wrote the article on Thursday night. Although Hannibal didn't post anything on Thursday, he followed up with an ominous message on Friday: "Be ready for tomorrow night." The body of the paste simply said: "The title says it all." In the Middle East, it's now "tomorrow night" and here we are.

Once again, I will not be linking directly to the Pastebin posts in question, because they have e-mail addresses and passwords that work. Instead, I'm providing the Pastebin links to Facebook so the company can take the necessary steps to protect its users.

I do, however, think it's worth including the header text from Hannibal's pastes. Here's the announcement paste:

Hello, this is known as a hacker Hannibal keeps the state of Israel. I published until now hundreds of thousands of emails and Facebook accounts of Arabs .. Today I published another 100,00 accounts of Arabs. I post this 100k accounts list because i want show the my huge strength. The Arabs should learn a lesson and know not to mess with me. Jewish people named me as the general of Israel's hackers. I have about 30 million email accounts, 10 million bank accounts, 4 million cerdit cards of Arabs from all over the world I received thousands of emails from Arabs who are begging me to stop publishing their bills and hurt them. Because I noticed that lately the Arab hackers are gone, I declare cyber war termination. Israeli hackers, stop! Cyber war stops until further notice I will post again if they attack the State of Israel. If they appear again, I again come to save Israel. Trust me. I'll always be around. Thanks, Hannibal.

Follow me : pastebin.com/u/hannibal Email contact : hannibal@inbox.com

All four of the parts have the following header:

########################################## new list of 100k emails and facebook accounts of arabs hacked by hannibal Part 1/2/3/4 Date : 21.1.12 Contact email : hannibal@inbox.com Follow me : pastebin.com/u/hannibal ##########################################

None of the parts have anywhere near 25,000 accounts. In fact, the third part is significantly shorter than the other three. It has just 15 accounts and appears to get cut off at the end, with only an e-mail address posted and no password. Nevertheless, Hannibal provides links to download all the credentials, on 14 file sharing websites: 10upload, Badongo, Bitshare, Crocko, DepositFiles, Extabit, FileFactory, FileShare, FreakShare, and i-Filez.

I grabbed the 36KB text file and put the contents into Excel. There were indeed over 100,000 rows, but most of them were blank. Also, Hannibal was using one line for the e-mail address and one line for the password. Furthermore, some rows were filled with the default "Email+Facebook Account Hacked By Hannibal:" line or the "Password:" line, but had nothing after them.

I did some Excel cleanup and basic math. I soon discovered Hannibal had actually stolen just under 20,000 Facebook accounts, not 100,000. The number may not have six digits, but that's still a lot of accounts.

Hannibal's latest posting is part of a long string of attacks in the Middle East, where a a hacker war began on January 3, 2012. The attacks have more or less subsided in recent days, and if Hannibal is to be believed, he is calling it quits.

There's more good news. As I've already noted, Facebook's automated systems somewhat help fight against such attacks. The company locks down accounts if they're accessed from unrecognized devices or locations. If you're the owner of the account, you'll have to go through the process of resetting your password so that you can access it again, but the likelihood of someone tampering with your Facebook account since they have your e-mail address and password is significantly diminished.

I have still not been provided a statement from the first time I contacted Facebook. Nevertheless, I have contacted the company again with information on Hannibal's latest attack and will update you if I hear back.

Update: Facebook: most logins hijacked by Israeli hacker were invalid

See also:

Editorial standards