Massive hack steals 2M passwords for Facebook, Google, Twitter, Yahoo, ADP and more accounts
A massive hack has stolen usernames and passwords for nearly 2 million accounts on Facebook, Twitter, Google, Yahoo, LinkedIn, and others.
Hackers managed to accomplish this massive data breach through key-logging software maliciously installed on numerous computers worldwide.
Researchers at cyber security company Trustwave discovered the breach and said that the virus has been stealing login credentials for popular websites over the past month and sending the captured usernames and passwords to a server the hackers controlled.
The hack used the Pony Botnet Controller and Trustwave researchers tracked that server to the Netherlands. The researchers have been tracking this botnet and reported that new instances continue to appear.
"One of the instances we've run into is larger than the last with stolen credentials for approximately two million compromised accounts," noted Trustwave. "In comparison to the last instance of Pony that we talked about, with statistics that looked like a hit-and-run operation, this one spiked at the beginning but was otherwise fairly stable and consistent in its daily 'revenue.'"
The researchers found stolen credentials for more than 93,000 websites and have tried to break down the numbers, which include:
- 318,000 Facebook accounts
- 70,000 Google, Google+ and YouTube accounts
- 60,000 Yahoo accounts
- 22,000 Twitter accounts
- 9,000 Odnoklassniki accounts (Russian social network)
- 8,000 ADP accounts
- 8,000 LinkedIn accounts
Trustwave has notified affected companies of the breach. Facebook, ADP, LinkedIn and Twitter reportedly told CNNMoney that they have notified compromised users and reset their passwords.
The cyber security company further highlights the importance of a good password and offers detailed statistics on the current password situation. Trustwave points out that the Top 10 passwords are still the well-known, banal ones such as "1234," "123456," "1111," "password," and others such.
The length and complexity of most passwords is not how it should be, and the company strongly advises all users to come up with more complex passwords in order to increase security. Trustwave's post (link in third paragraph) offers several graphs and details regarding password complexity, so it might be a good idea to check it out and beef up your cyber security.