BOSTON: Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe.
2 Million Google, Facebook, Twitter Passwords Stolen
Researchers with Trustwave's SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers known as the "Pony botnet."
The company said that it has reported its findings to the largest of more than 90,000 websites and internet service providers whose customers' credentials it had found on the server.
The data includes more than 3,26,000 Facebook accounts, some 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Victims were from the United States, Germany, Singapore and Thailand, among other countries.
Representatives for Facebook and Twitter said the companies have reset the passwords of affected users. A Google spokeswoman declined comment. Yahoo representatives could not be reached.
SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down the Pony botnet server.
An analysis posted on the SpiderLabs blog showed that the most-common password in the set was "123456," which was used in nearly 16,000 accounts. Other commonly used credentials included "password," "admin," "123" and "1."
Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.
"People are using very dumb passwords. They are totally useless," he said.
The list of hacked accounts provided by SpiderLabs:
· 318,000 Facebook accounts
· 70,000 Gmail, Google+ and YouTube accounts
· 60,000 Yahoo accounts
· 22,000 Twitter accounts
· 9,000 Odnoklassniki accounts (a Russian social network)
· 8,000 ADP accounts (ADP says it counted 2,400)
· 8,000 LinkedIn accounts
Opinion:
Were you on the hackers’ hit list? How can you find out and what do you do about it?
Like most of you, I am on Twitter, Facebook, Google and every other major website or social network out there, and though I have learned that privacy and the Internet in the same sentence is an oxymoron, we still hope for a certain modicum of security when using these sites.
Maybe I should say an illusion of privacy. With that said, shouldn’t Facebook, Google, Twitter and the rest notify users of the breach? If they did, I have yet to receive an email or notification.
Facebook, Twitter, LinkedIn and ADP claim they have notified the compromised users, but CNN Money said Google and Yahoo declined to comment.
To be on the safe side, I recommend changing all your passwords immediately and refraining from posting all your personal information online, although that ship may have already sailed for most of us.