The Facebook Hack That Wasn’t? Facebook Says The 10,000 Hacked Accounts Aren’t Ours

A hacking group calling themselves “Team Swastika” posted what they claimed was over 10,000 comprised Facebook accounts to Pastebin, a service that serves as an online clipboard. However, according to statements from Facebook PR, these email and password combinations don’t actually represent live Facebook accounts. Instead, it appears that the hackers obtained the accounts using common phishing techniques, where users were tricked into giving away their personal information.

The development was first discovered by Rik Ferguson of Trend Micro, who notes that this hacking group had previously drawn attention to itself by publishing database tables and user credentials from the websites of the Indian Embassy in Nepal and the Government of Bhutan.

He was able to look at the list of supposed Facebook accounts before it was taken down, and found that they came from all over the world, and the majority of the users were not using complex passwords. Many of the passwords were simply a derivation of the user name, a favorite sports team or a short numerical password.

There was no indication as to how this account data was stolen, said Ferguson.

Says Facebook:

This does not represent a hack of Facebook or anyone’s Facebook profiles. Our security experts have reviewed this data and found it to be a set of email and password combinations that are not associated with any live Facebook accounts.

In reality these emails/passwords are the result of standard phishing activities where people were tricked into giving away their credentials.

Although the accounts may not have been actual Facebook logins, assuming they are indeed legitimate email/password combos, they could represent a comprise of numerous other services. Because users often reuse their same password around the Web, the logins may open up access to other accounts that were not the intended target of the phishing scheme. Good thing they’ve been taken down from Pastebin then.

Update: Ferguson now has new info on the compromised accounts. He says that the two lists the hacking group posted have previously been seen online. One list has been around for the better part of a year, while the second, which may actually be the work of another hacking group, was posted 19 days ago. More details are here.   

Image: Countermeasures