Hacker Group Claims 10,000 Facebook Accounts Hacked and Posted Online
New York, NY – October 18, 2011 - Identity Finder, LLC (www.identityfinder.com) today released a detailed analysis of the information posted by a hacker after an attack apparntly involving 9,931 Facebook accounts. Identity Finder is unable to verify the source of the account usernames and email addresses, of which approximately half included passwords. However, the Nepalese hackers who identify themselves as "Team SwaStika" claim that they stole the information from Facebook.
The data breach occurred on October 16th in a popular website used primarily by programmers to share programming code with others. Identity Finder notified Facebook immediately after discovering the breach. Facebook has not yet responded to Identity Finder.
Based upon Identity Finder's analysis, the information posted by the hacker contains the following:
- 9,931 Accounts
- 4,869 Unique Email Addresses
- 5,049 Usernames
- 5,340 Passwords
Identity Finder analyzed the strength of the breached passwords, and discovered that an alarming 68% of the passwords were "Weak." A weak password may be too short, contain dictionary words, or may not contain special characters, numbers, or alternating punctuation.
- 68% of the Passwords are Weak
- Only 5.4% of the Passwords are Strong
- Average Password Length is 9.2 characters (See Chart, below)
- 4.9% of the passwords were less than 6 characters long
- 13.5% of the passwords were more than 12 characters long
The biggest threat of this breach is the number of passwords posted and how that can lead to further identity theft. Identity Finder's CEO, Todd Feinman said, "Passwords are a digital identity and password reuse is a serious problem that could lead to identity fraud. If real, these accounts can not only be used to access the personal information stored on Facebook (such as full date of birth), but also as potential logins for other websites. The victims will have no way to know when an identity thief is trying their username and password combination to attempt to log into their online bank, an online retailer where they have saved their credit card for future purchases, or other online accounts such as e-mail."
The concern about password reuse is well-founded. Most people today pick a password and reuse it on multiple sites. Studies that correlate hacked accounts across previous data breaches show that approximately 50% or more passwords are reused by an individual. Some users will create site-specific passwords by adding characters related to the website. While this may not significantly increase security in all cases, it can reduce the risk of password reuse.
Identity Finder's technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free