Stash of Two Million Facebook and Twitter Passwords Discovered Online

  • 4 December 2013
  • 1 reply
  • 4470 views

A trove of two million stolen passwords for Facebook, Twitter, email and other online services has been discovered by cyber security researchers.

Unearthed by Trustwave and detailed on its blog, the collection of stolen data contains 1.5 million website login credentials for sites like Facebook, 320,000 email account credentials, and 3,000 remote desktop login details, among others.

Researchers gained access to a server controlling an instance of the malicious Pony botnet, a piece of malware which infects users' computers then records the victim's usernames and passwords, which are returned to the cyber criminal and either used or sold on to others.

Most of the compromised login details belong to Facebook, Google, Yahoo, Twitter and LinkedIn accounts, and - as is becoming increasingly common during such data thefts - the most commonly used passwords are the easiest to guess.

The most common password of the two million stolen was '123456', while '123456789' was second and '1234' was the third most popular password; other examples to feature in the top ten include 'password', 'admin' and '1'.
It makes me wonder if people will ever learn the basics about passwords looking at that last paragraph.

1 reply

Facebook, LinkedIn and other online services have been resetting accounts after 2 million login credentials, apparently stolen from users’ computers, were discovered on a server in the Netherlands.
Payroll processor ADP said Wednesday it has reset the passwords of 2,400 clients but did not believe its internal network was compromised. Facebook, LinkedIn and Twitter have also reset some user accounts.
Security company Trustwave said on Tuesday its SpiderLabs research group gained access to an administrator control panel for the server, which was part of a botnet called Pony that collected sensitive information from users in as many as 102 countries. Trustwave said it notified the affected organisations. Some of the credentials were outdated.
ADP said it reset the accounts after it became aware of a phishing campaign. Phishing involves tricking people into divulging their login credentials or into installing malicious software, which harvests credentials and sends them to an attacker.
“To our knowledge, none of ADP’s clients has been adversely affected by the compromised credentials,” ADP said in a statement.
Facebook said it had reset passwords for its affected accounts.
