Over 10,000 Facebook account details hacked and published

An update to this investigation is available here.
_____________________________________________________________________________________________________
A hacking group calling themselves “Team Swastika” have published what they claim to be the usernames and passwords for over ten thousand Facebook accounts on Pastebin, an online service for sharing large quantities of text data online. It should be noted that the PR agency for Facebook in the UK gave me the following statement, “This does not represent a hack of Facebook or anyone’s Facebook profiles. Our security experts have reviewed this data and found it to be a set of e-mail and password combinations that are not associated with any live Facebook accounts”.
 
Team Swastika are a new arrival on the hacking scene, having announced their “launch” only six days ago. Although they have only one tweet to their name, they have already caused concern by publishing database tables and user credentials stolen from the websites of the Indian Embassy in Nepal and the Government of Bhutan, apparently by SQL injection attack.
 
This latest publication of what they claim to be more than ten thousand Facebook user credentials is without context and with no indication of the means by which they were stolen. The posts themselves have already been removed by Pastebin but I managed to get a look at them before this happened…
 

Stolen credentials for Facebook accounts



 
The compromised user accounts come from all over the globe, and a quick glance through the list of associated passwords shows that the majority of affected users are not using complex passwords, with many being simply a derivation of the user name, a favourite football club or a short numerical password.
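The three weak classes described above can be caught when a password is set. The following check is an added example, not code from the original post; the function names, the small word list and the ten-digit threshold are assumptions made for illustration.

```python
import re

# Constructed sample deny-list (assumption); a real deployment would load a
# much larger list of team names and common passwords from a file.
COMMON_WORDS = {"arsenal", "chelsea", "liverpool", "password", "qwerty"}

# Simple character substitutions people use to "strengthen" a word.
LEET = str.maketrans("013457@$", "oieastas")


def normalise(text):
    """Lower-case, drop leading/trailing digits and symbols, undo substitutions."""
    text = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return re.sub(r"[^a-z]", "", text.translate(LEET))


def weak_password_reasons(username, password):
    """Return which of the weak classes seen in the dump a password falls into."""
    reasons = []
    # Class 1: short numerical password (threshold of 10 digits is an assumption).
    if password.isdigit() and len(password) < 10:
        reasons.append("short numeric")

    core = normalise(password)

    # Class 2: derivation of the user name. Split the local part of an
    # e-mail style user name into name tokens such as "john" and "smith".
    local = username.split("@", 1)[0]
    tokens = [normalise(t) for t in re.split(r"[._+\-\d]+", local)]
    tokens = [t for t in tokens if len(t) >= 3]
    if any(t in core or (len(core) >= 3 and core in t) for t in tokens):
        reasons.append("derived from user name")

    # Class 3: a well-known word such as a football club, with decoration.
    if any(word in core for word in COMMON_WORDS):
        reasons.append("common word")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the published list.
    user = "john.smith@example.com"
    for candidate in ("j0hn1985", "Arsenal123", "123456", "T7#vq!Lw9$zR"):
        print(candidate, weak_password_reasons(user, candidate))
```
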
 
The ongoing effect of such a large-scale compromise can be disastrous for affected users, particularly if the password is shared for multiple accounts. It can lead to compromise of the victim’s email account, which can act as the skeleton key for many other online services, as any password reset procedure will normally pass through the account owner’s email inbox for verification. Regaining control of a compromised account can be a costly and time-consuming process, as this recent victim explains.
 
It is never a good idea to use the same password across multiple web sites, so try to have a unique one for every site you use. While this may sound complex and impossible to remember, there is a simple way to achieve this. Create a complex password using upper and lower case letters, numbers and special characters such as $%&!. Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your initial complex password, making it unique yet easy to remember.
 
As for those security or password reset questions, this is also one of the most common ways to break into an account. If you are asked to provide answers to “Security questions”, consider whether the answers are really secure. Secure means that you are the only person who can answer the question. If the possibility exists to create your own questions, use it. If you are obliged to answer more standard questions such as “First school” or “First pet”, remember the answer doesn’t have to be the truth, it only has to be something you can remember.
 
I have not verified if the credentials as posted are legitimate, for reasons of privacy, but have passed the full list of affected accounts on to Facebook security so that they can warn and protect their users.
 

11 thoughts on “Over 10,000 Facebook account details hacked and published”

  1. SATs Papers

    Wow, I didn’t know about this! I guess it goes without saying, never use the same password across multiple emails/accounts etc, otherwise you will get stung.

    One day someone will invent a system that does away with all these passwords and makes everything simple and secure. One day…and they’ll be a billionaire.

  2. Pingback: maccad» Mystery over bogus Facebook login data dump

  3. Pingback: Account Facebook rubati e pubblicati online dagli hackers del Team Swastika | TECH-nology

  4. Pingback: Team Swastika attacca Facebook

  5. Pingback: Oltre 10.000 account di Facebook hackerati | vcast.it

  6. Pingback: TREND MICRO deckt auf: 10.000 facebook-Konten gehackt - datensicherheit.de Informationen zu Datenschutz und Datensicherheit

  7. Pingback: occupy wall st is becoming #GlobalChange 15th october - Page 2

  8. Pingback: Su Pastebin gli username e le password di oltre 10.000 utenti Facebook

  9. Pingback: Violati 10.000 account Facebook? | Geek Zone

  10. Pingback: 10.000 account Facebook rubati e condivisi in rete | Facebook-Mania

  11. Pingback: 10.000 account Facebook rubati e pubblicati sul web | PowerBlog.it
