Facebook denies that “Hannibal” has hacked Arabs’ Facebook accounts

In a series of posts on Pastebin, a hacker who calls himself “Hannibal” (for Hannibal Lecter), has dumped thousands of e-mail addresses and plain-text passwords that he claims are from Arabs’ Facebook accounts. Yesterday, he posted  20,000.  Today, he posted 30,000 more.

I contacted Facebook for a statement on the allegations that they have been hacked. In response, a spokesperson provided the following statement to DataBreaches.net:

This does not represent a hack of Facebook or anyone’s Facebook profiles.We have spent time investigating the information and have determined fewer than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.

Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analyzing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with out legal team to ensure appropriate consequences follow.

People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security (<http://www.facebook.com/security>) for additional security information.

Hannibal did not respond to an e-mail request sent by this site last night inviting him o respond to Facebook’s denial or to provide proof that Facebook was actually hacked.  If he does provide a statement, I will update this entry.

About the author: Dissent

Has one comment to “Facebook denies that “Hannibal” has hacked Arabs’ Facebook accounts”

You can leave a reply or Trackback this post.
  1. disclosure - January 26, 2012

    Those were actually Malaysian accounts, not even Arabs. Out of the 100k+ accounts released in several dumps on Pastebin, only 20k+ even have valid emails. It’s very likely they came from select few past database leaks. The reason you may use some of them to login to Facebook is simply because people reuse passwords! Even then, Facebook will immediately block the account if you try to login from unfamiliar location, i.e. the Malaysian Facebook account will be blocked if you try to login from Chicago.

Comments are closed.