back to article Mystery over bogus Facebook login data dump

The publication on Pastebin of the supposed login details of more than 10,000 Facebook users fails to pose any security risks, at least on the social network, because the data is bogus, according to Facebook. Newly established Nepalese hacking crew Team Swastika caused a stir when they dumped the supposed Facebook login data …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Headmaster

    > Third Reich appropriated the symbol

    That would be the NSDAP.

    In a similar vein, hammers and sickles are manual tools of great value until appropriated by another bunch of collectivists.

    1. Graham Dawson Silver badge
      Coat

      Would it be tasteless to add something about a stylised bitten apple to that list?

      I suppose it would. Oh well...

    2. Anonymous Coward
      Anonymous Coward

      Stars and stripes also :)

  2. Paul Woodhouse

    This sentance contains so much FAIL

    Create a complex password using upper and lower case letters, numbers and special characters such as $%&!. Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your initial complex password, making it unique yet easy to remember

    1. BoldMan
      Thumb Down

      Then write them all down because you have more important things to do in life than remember umpteen million password combinations

  3. Paul Woodhouse

    cos...

    if someone phishes your facebook password and finds its

    ftw4tt!ngk

    it aint gonna take a great leap of imagination to work out hotmail is

    htw4tt!ngl

  4. Anonymous Coward
    FAIL

    All for the greater "glory"...

    You want to look good; then simply dump data and assume people (esp. companies) will keep quiet about it. "Of course they denied it; they don't want to admit how l33t we are!". Truth is that a lot of people are starting to look right through this.

    When those lulzsec dudes shared some of their stuff the same thing applied. Not talking about the ps3 hack but the stuff they "dumped from their collection".

    Now, granted; without knowing what the source of that data was you can't really deem this legit or false (perhaps another tactical part they left out?). I'm also not going there, merely stating that I considered that data to be bogus too. An opinion I've seen shared by others as well.

    This data turned out to be a 3-part collection of so called usernames and passwords which were accompanied with e-mail addresses. Rumor had it that it came from a website or other ISP.

    When starting to check a few e-mail addresses I came across many invalid ones. While an account can easily expire over time the same cannot be easily said for TLD's. For example "hotmail.com.jj", that TLD has never existed and is most likely a typo. Or is it? Considering how common e-mail checks are these days I have some serious doubt there as well.

    So in a majority of cases I think its not too unthinkable that "hackers" (or kiddies?) release bogus stuff to 'look good'.

  5. Eddie Edwards
    Devil

    Yeah right

    "the use of the term Team Swastika does not necessarily imply neo-Nazi sympathies."

    No, I'm sure they are simply unaware of the Nazi association with that symbol, and used it unwittingly. After all, few have heard of the Nazis these days, whereas ancient Hindu mysticism is enjoying something of a revival, especially amongst illegal activists.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah right

      Says the westerner.

      Hindu (stupid word) mysticism is no more "ancient" than Christianity, etc.

      They are almost certainly aware of the Nazi connection but will not see that as any reason to avoid using a symbol that originated in their faith / culture.

      The Hindu swastika is noticeably different from the Nazi one.

    2. O RLY

      Re: Yeah right

      Given that the organisation are Nepalese and their first public targets were India, Bhutan, and Nepal (you know, all parts of the British Empire's Hindustan), it would seem far more likely they were influenced by Hinduism than National Socialism.

      Since it remains quite common in that part of the world to see swastikas on pottery, in clothing and blankets, and decorating walls, your comment about "ancient Hindu mysticism" reflects your remarkable cultural ignorance about a religion that predates the Nazis by five hundred years and a symbol that predates the Nazis by four THOUSAND years.

    3. M H
      FAIL

      @eddie

      Idiot.

      It's not uncommon to see swastikas in Asia, eg in school logos etc - I've seen them in several countries. The Thai word for hello (sawasdee สวัสดี) is derived from the same Sanskrit word (svasti) that the word swastika comes from.Perhaps you'd like to ban Thai people from saying hello, eh?

      But since Asia *only* has a third of the world's population, let's use western history to censor them...

  6. Anonymous Coward
    Anonymous Coward

    There's another way to check... pick some accounts at random and try logging into facebook with them.

    Do they work? If not, then likely it's all bullshit. If some work and other don't then are they trying to share legit info in plain view by making it look like crap?

  7. Anonymous Coward
    Anonymous Coward

    What?

    Looking at that screenshot that is posted from the pastebin. The data comes from a IRC based botnet.

    Also why does Facebook's quote say two opposite things? Are they trying to say Facebook itself wasn't hacked (well yeh) but some data was phish'd?

  8. Pascal Monett Silver badge
    FAIL

    Correction

    "Team Swastika has only been around for a week but has already made itself look ridiculous."

    There, got it for you.

This topic is closed for new posts.

Other stories you might like

  • Facebook phishing campaign nets millions in IDs and cash
    Hundreds of millions of stolen credentials and a cool $59 million

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

    Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

    The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

    Continue reading
  • Meta mostly fails in appeal against order from UK watchdog to sell Giphy
    Might have been a good idea to mention that Snap was sniffing around GIF biz, too, judges note, though

    Judges in the UK have dismissed the majority of an appeal made by Facebook parent Meta to overturn a watchdog's decision to order the social media giant to sell Giphy for antitrust reasons.

    Facebook acquired GIF-sharing biz Giphy in May 2020. But Blighty's Competition Markets Authority (CMA) wasn't happy with the $400 million deal, arguing it gave Mark Zuckerberg's empire way too much control over the distribution of a lot of GIFs. After the CMA launched an official probe investigating the acquisition last June, it ordered Meta to sell Giphy to prevent Facebook from potentially monopolizing access to the animated images. 

    Meta appealed the decision to the Competition Appeal Tribunal (CAT), arguing six grounds. All but one of them – known as Ground 4 – were dismissed by the tribunal's judges this week. And even then only one part of Ground 4 was upheld: the second element.

    Continue reading
  • Consultant plays Metaverse MythBuster. Here's why they're wrong
    Holograms, brands, NFTs, and a 1,000-consumer survey

    Opinion Consulting giant McKinsey & Company has been playing a round of MythBusters: Metaverse Edition.

    Though its origins lie in the 1992 sci-fi novel Snow Crash, the metaverse has been heavily talked about in business circles as if it's a real thing over the last year or so, peaking with Facebook's Earth-shattering rebrand to Meta in October 2021.

    The metaverse, in all but name, is already here and has been for some time in the realm of online video games. However, Meta CEO Mark Zuckerberg's vision of it is not.

    Continue reading
  • Heineken says there’s no free beer, warns of phishing scam
    WhatsApp messages possibly the worst Father's Day present in the world

    There's no such thing as free beer for Father's Day — at least not from Heineken. The brewing giant confirmed that a contest circulating on WhatsApp, which promises a chance to win one of 5,000 coolers full of green-bottled lager, is a frothy fraud.

    "This is a scam. Thank you for highlighting it to us. Please don't click on links or forward any messages. Many thanks," the beermaker said in a tweet.

    The phony WhatsApp giveaway includes an image of a cooler of 18 Heinekens and a link to a website purporting to run the giveaway. That page asks visitors vying to bag free booze for their personal information, such as names, email addresses, and phone numbers, which is all collected by miscreants.

    Continue reading
  • Emotet malware gang re-emerges with Chrome-based credit card heistware
    Crimeware groups are re-inventing themselves

    The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.

    Once the data – including the user's name, the card's numbers and expiration information – is exfiltrated, the malware will send it to command-and-control (C2) servers that are different than the one that the card stealer module uses, according to researchers with cybersecurity vendor Proofpoint's Threat Insight team.

    The new card information module is the latest illustration of Emotet's Lazarus-like return. It's been more than a year since Europol and law enforcement from countries including the United States, the UK and Ukraine tore down the Emotet actors' infrastructure in January 2021 and – they hoped – put the malware threat to rest.

    Continue reading
  • Microsoft seizes 41 domains tied to 'Iranian phishing ring'
    Windows giant gets court order to take over dot-coms and more

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

    The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

    "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

    Continue reading
  • Interpol anti-fraud operation busts call centers behind business email scams
    1,770 premises raided, 2,000 arrested, $50m seized

    Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

    In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

    Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

    Continue reading
  • Now Windows Follina zero-day exploited to infect PCs with Qbot
    Data-stealing malware also paired with Black Basta ransomware gang

    Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.

    The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.

    This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.

    Continue reading
  • Costa Rican government held up by ransomware … again
    Also US warns of voting machine flaws and Google pays out $100 million to Illinois

    In brief Last month the notorious Russian ransomware gang Conti threatened to overthrow Costa Rica's government if a ransom wasn't paid. This month, another band of extortionists has attacked the nation.

    Fresh off an intrusion by Conti last month, Costa Rica has been attacked by the Hive ransomware gang. According to the AP, Hive hit Costa Rica's Social Security system, and also struck the country's public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

    The Costa Rican government said at least 30 of the agency's servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is now asking for $5 million in Bitcoin to unlock infected systems.

    Continue reading
  • Watch out for phishing emails that inject spyware trio
    You wait for one infection and then three come along at once

    An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.

    Researchers with Fortinet's FortiGuard Labs threat intelligence unit have been tracking this mailspam campaign since May, outlining how three remote access trojans (RATs) are fired into the system once the attached file is opened in Excel. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC.

    The first of the three pieces of malware is AveMariaRAT (also known as Warzone RAT), followed by Pandora hVCN RAT and BitRAT.

    Continue reading

Biting the hand that feeds IT © 1998–2022