Two million passwords stolen from Facebook, Twitter and Google
Major sites have begun resetting passwords for compromised accounts, although researchers estimate that most targets were from the Netherlands
Thursday 05 December 2013
More than two million passwords from popular social media sites including Facebook, LinkedIn and Twitter have been stolen and posted online by hackers.
The attack has been described as “fairly global” with victims “scattered all over the world”, although the vast majority of compromised users (some 96.66 per cent) were using computers with IP addresses located in the Netherlands.
Security researchers employed by Trustwave stumbled upon the hoard of stolen data whilst investigating a botnet known as ‘Pony’. Botnets are networks of hacked computers created by criminal gangs to use for a number of illegal tasks online, although it’s thought that these passwords were stolen using keylogger software.
A previous attack using the Pony botnet was described by the researchers as a “hit-and-run operation,” whilst this attack was carried out over a number of weeks with the hackers taking in a “fairly stable and consistent” number of passwords each day.
A screencap showing the domains affected.
Other sites targeted included Russian social media sites vk.com and odnoklassniki.ru, as well as Google and Yahoo. Trustwave notified the sites involved before posting their findings online, and spokespersons from both Facebook and Twitter have told the Huffington Post that accounts found on the list have had their passwords reset.
However, it seems that the passwords themselves were not doing much to help protect users in the first place. The researchers noted that the top ten most commonly used passwords in the list included “123456”, “123456789”, “1234”, “password” and “1”.
“And it all goes downhill from there,” wrote the researchers in a blog post. “There were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.”
Whilst a similar cache of leaked Myspace passwords from 2006 revealed that the top ten most common passwords comprised 0.9 per cent of the total, this recent leak ups that percentage to 2.4.
However, there is some good news, as users are apparently using longer passwords more consistently. Passwords with more than 10 characters made up 17 per cent of the total in 2006, and in 2013 this figure has risen to 46 per cent.