Yesterday there were reports that over 10,000 Facebook accounts were compromised by a hacking group called “Team Swastika“. The hackers had actually posted the email addresses and passwords on Pastebin, a site that acts as an online clipboard. But contrary to these reports, Facebook have denied that any of the email/password combinations posted represent live Facebook accounts. It is thought that this personal information had be obtained using pretty common phishing techniques.
This most recent posting of emails addresses and passwords to Pastebin was discovered by Rik Ferguson of Trend Micro, and he noticed that this group had previously posted similar types of user credentials, supposedly from the Indian Embassy in Nepal and the Government of Bhutan. The ‘Facebook’ usernames and passwords have since been taken down, but not before Rik had a chance to look at them.
They appeared to come from all over the world, but what was striking was the simplicity of the majority of passwords being used. Many were variations upon the username, others were the names of sports team, and in some cases just a short numerical password was used. Facebook reiterated the fact that this data does not represent a hack of users’ profiles: “Our security experts have reviewed this data and found it to be a set of email and password combinations that are not associated with any live Facebook accounts. In reality these emails/passwords are the result of standard phishing activities where people were tricked into giving away their credentials.”
So while this may not have been your Facebook profile that was compromised this time around, there are 10,000 people out there who have had some sort of online account details stolen. And given how lazy people can be, it isn’t too much of a stretch to believe that the same email/password combination is used across different services. We’ve seen what can happen when someone gets hold of your login credentials, so if you have anything of any importance held online, it’s good to have a safely stored backup should anything go wrong.