Two million passwords stolen from Facebook, Twitter and Google
Major sites have begun resetting passwords for compromised accounts, although researchers estimate that most targets were from the Netherlands
More than two million passwords from popular social media sites including Facebook, LinkedIn and Twitter have been stolen and posted online by hackers.
The attack has been described as “fairly global” with victims “scattered all over the world”, although the vast majority of compromised users (some 96.66 per cent) were using computers with IP addresses located in the Netherlands.
Security researchers employed by Trustwave stumbled upon the hoard of stolen data whilst investigating a botnet known as ‘Pony’. Botnets are networks of hacked computers created by criminal gangs to use for a number of illegal tasks online, although it’s thought that these passwords were stolen using keylogger software.
A previous attack using the Pony botnet was described by the researchers as a “hit-and-run operation,” whilst this attack was carried out over a number of weeks with the hackers taking in a “fairly stable and consistent” number of passwords each day.
A screencap showing the domains affected.
Other sites targeted included Russian social media sites vk.com and odnoklassniki.ru, as well as Google and Yahoo. Trustwave notified the sites involved before posting their findings online, and spokespersons from both Facebook and Twitter have told the Huffington Post that accounts found on the list have had their passwords reset.
However, it seems that the passwords themselves were not doing much to help protect users in the first place. The researchers noted that the top ten most commonly used passwords in the list included “123456”, “123456789”, “1234”, “password” and “1”.
“And it all goes downhill from there,” wrote the researchers in a blog post. “There were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.”
Whilst a similar cache of leaked Myspace passwords from 2006 revealed that the top ten most common passwords comprised 0.9 per cent of the total, this recent leak ups that percentage to 2.4.
However, there is some good news, as users are apparently using longer passwords more consistently. Passwords with more than 10 characters made up 17 per cent of the total in 2006, and in 2013 this figure has risen to 46 per cent.