Posts tagged: Facebook Hackers

Jan 19 2012

Hacker Publishes Waves of Facebook Logins

Facebook Passwords LeakedA hacker who calls himself Hannibal has posted thousands of alleged login email addresses and passwords of Arab Facebook users.

Emails and passwords for the social network Facebook have been published on Pastebin. Hannibal claims he has more than 30 million credentials of Arab users that he will publish regularly.

The hacker backs Israel and said, “State of Israel, not to worry, you’re in the hands of the world’s best hacker that I am. I will continue to support the government of Israel will continue to attack the Arab countries.”

In addition to the Facebook details he claims that he has possession of 10 million bank accounts and four million credit card details, which he warns he will publish if Iran continues to threaten Israel.

The most recent post said, “Unfortunately today I received an email from Mohammad Reza Rahimi [an Iranian politician] who threatens that would raise most of his men to find me and kill me. I assure you Mr. Fool, you can keep looking as you want, you will not find me even if you have a staff of 1,000 people who search for and carry out search for information about me.”

A spokesman for Facebook said, “This does not represent a hack of Facebook or anyone’s Facebook profiles. We have spent time investigating the information and have determined less than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.”

“Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analysing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with our legal team to ensure appropriate consequences follow.”

Dec 31 2011

Facebook Debit Card for White Hat Hackers

Facebook Debit CardA few companies pay money to bug hunters. But Facebook is giving out something more unique than just a check.

Some security researchers are getting a customized “White Hat Bug Bounty Program” Visa debit card.

The researchers, who can make thousands of dollars for reporting just one security hole on the social-networking site, can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM. As the researchers find more bugs, Facebook can add more money to their accounts.

Facebook wanted to do something special for the people who are helping the company shore up its software and keep hackers and malware out.

“Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them,” Ryan McGeehan, manager of Facebook’s security.

Besides holding cash value, the White Hat card may proffer other advantages. “We might make it a pass to get into a party,” for instance, McGeehan said. “We’re trying to be creative.”

The most Facebook has paid out for one bug report is $5,000, and it has done that several times, according to McGeehan. Payments have been made to 81 researchers, he said.

Szymon Gruszecki, a Polish security researcher and penetration tester; Neal Poole, a junior at Brown University who will be an intern at Facebook next summer; Charlie Miller, a researcher at Accuvant known for finding holes in iOS 5 and Safari, praised the card. “Facebook whitehat card not as prestigious as the SVC card, but very cool ;) Fun way to implement no more free bugs,” he tweeted.

Facebook has plans to leverage the knowledge and skills of the researchers beyond just providing the bug bounty incentive.

“Whenever possible we’re going to try to load-in White Hat researchers into products early–as soon as (they are) in production,” McGeehan said. Thus Facebook “will get an early warning on anything they find.”