In four separate posting on Saturday to the Pastebin website, an Israeil hacker calling himself Hannibal announced he had published emails and logins of 100,000 allegedly Arab Facebook users. He also made the data available on 14 other file-sharing sites.
According to a published report by an investigator who downloaded the data from the file-sharing sites, the number of stolen Facebook accounts is likely closer to 20,000.
The self-professed “general of Israel’s hackers” claimed to have about 30 million email accounts, 10 million bank accounts and four million credit cards of Arabs from all over the world. His purpose, he stated, is to display his strength “to save Israel” from cyber attack.
“The Arabs should learn a lesson and know not to mess with me,” he wrote.
Hannibal’s actions are apparently in retaliation for a data dump earlier this month when OxOmar, who claimed to be a member of a Saudi hacking gang Group-XP, declared he had posted banking details on 400,000 Israelis. Israeil banks refuted the claim, asserting that most of the data was outdated and that in actuality only 14,000 records were exposed.
However, Hannibal seemed to be proferring an olive branch in his message as well, stating that as the volume of cyber attacks on Israel have decreased lately, he was willing to call a truce.
But, in a retort that contains some resemblance to statements by the hacker collective Anonymous, he said: “If they appear again, I again come to save Israel. Trust me. I’ll always be around.”
“This was most likely a phishing attack,” a Facebook spokesperson wrote in a statement sent to SCMagazine.com on Monday. “However, we can’t be sure beyond the fact that we have confirmed this was not a result of any intrusion on Facebook’s systems…We have spent time investigating the information and have determined fewer than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.”
Further, Facebook wrote that it had built “robust internal systems that validate every single login” to its site, regardless if the password is correct or not, to check for malicious activity.
Facebook users can protect themselves by avoiding clicking on unfamiliar links and reporting any suspicious activity, the statement advised.
Users are also encouraged to become fans of the Facebook Security Page for additional security information.
An attempt was made to reach out to Hannibal for comment.