Nepali Hackers group, Team Swastika hacks 10,000 Facebook Accounts|
Oct 21
2011
|
Nepali Hackers group, Team Swastika hacks 10,000 Facebook AccountsPosted by: admin in News and Events on Oct 21, 2011 |
|
A group of hackers called Team Swastika published the details of 10,000 Facebook accounts on text sharing site, Pastebin.
According to the Hacker News, Team Swastika claims to be the most powerful hacking team in Nepal, their next target will be Nepal Government website.
Pastebin quickly removed the leaked documents. Pastebin, usually used to share source code, has frequently been host to a number of text files that contain the details of specific hacks by hackitivists and hacker groups.
According to Rik Ferguson, Trend Micro's director of security research, after a day of investigation it seems that “Team SwaStika” may be attempting to take credit for compromising account details that they really had nothing to do with.
He also said "The two lists of hacked accounts (Part 1 and Part 2) have both been circulated online before the Pastebin posts were made by Team SwaStika. The list entitled Part 1 appears to have been doing the rounds on various underground forums for the better part of a year. The second list entitled Part 2 by Team SwaStika is much more recent. The first evidence I can find of the accounts listed in Part 2 is only 19 days old."
A list with content exactly matching this second Pastebin post by Team SwaStika was uploaded to a compromised website by the better known group of hackers Group Hp-Hack. Group Hp-Hack is a Saudi Arabian hacker group that has previously gained notoriety in August of this year for defacing the websites of Joomla Canada and ethicalhackingcourses.com (which remains defaced to this day).
The html list of alleged Facebook logins uploaded to a compromised web server was created in Microsoft Word and has a creation date of 1st October 2011 but was posted with the claim (in Arabic) that the list only represents 10% of the 7 million accounts that were breached by Group Hp-Hack.
Rik Ferguson, explained in a blog post that the "Team Swastika" group published the details to Pastebin "without context and with no indication of the means by which they were stolen".
"The ongoing effect of such a large-scale compromise can be disastrous for affected users, particularly if the password is shared for multiple accounts," Ferguson added.
Ferguson urged users to create a unique and complex password for every site they use, using upper and lower case letters, numbers and special characters.
"Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your initial complex password, making it unique yet easy to remember," he said.
Facebook UK team has given following statement “This does not represent a hack of Facebook or anyone’s Facebook profiles. Our security experts have reviewed this data and found it to be a set of e-mail and password combinations that are not associated with any live Facebook accounts“. Facebook spokesperson said "Our security experts have reviewed this data and found it to be a set of e-mail and password combinations that are not associated with any live Facebook accounts."
Facebook hacked account dump:
http://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin
http://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin
Their twitter account:
https://twitter.com/#!/TeamSwastika/
