
Cache of 2 Million Account Details For Facebook, Google, Yahoo Users Discovered

Dec 05, 2013 By Sarah Vonnegut

Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.

Security researchers from Trustwave’s SpiderLabs, an information security company, uncovered the stash earlier this week. The credentials were never publicly posted online, but rather were stored on a Pony Botnet controller server for the use of other cybercriminals. After the source code for the botnet was made public, the researchers discovered a way to get into the botnet’s admin panel, where they found the database of pilfered accounts, as well as statistics about the stolen data.

The data includes more than 325,000 Facebook passwords, around 60,000 Google accounts and over 59,000 Yahoo accounts from users around the world.

The inclusion of the Russian social networking sites odnoklassniki.ru and vk.com indicates that a good number of the stolen account owners are most likely Russian speaking. SpiderLabs’ security researchers mentioned that the Pony control panel was in Russian as well, a possible indication that the hackers are from there. The server’s IP was based in the Netherlands but sat behind a proxy to avoid detection and keep the scheme running for a longer amount of time.

Details of exactly how the botnet was able to collect this data are still being investigated, but evidence points to a malware program used to scrape data directly from users’ browsers, a spokesperson for Facebook said. The researchers notified the organizations affiliated with the compromised domains. Representatives for Facebook and Twitter had already begun contacting their affected users so they can remediate their accounts.

Similar to Adobe’s breach of 38 million users a few months ago, the worst yet least surprising outcome may be the ridiculously simple passwords people continue to use. The most commonly used passwords in the cache this time around include ‘123456’ (15,820 accounts), ‘123456789’ (4,875 accounts), ‘1234’ (3,135 accounts), ‘password’ (2,200 accounts), and ‘12345’ (2,090 accounts).
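To make the defender’s side of this concrete, here is an added Python example (not code from the article or from Trustwave) that takes a constructed credential cache in the shape described above, counts accounts per provider so each can be notified, tallies the most common passwords the way the researchers did, and builds per-provider reset lists that deliberately omit the passwords themselves.

```python
from collections import Counter

# Constructed sample in the shape of the recovered cache: (domain, username,
# password). These are made-up records, not data from the real dump.
SAMPLE_RECORDS = [
    ("facebook.com", "alice", "123456"),
    ("facebook.com", "bob", "password"),
    ("facebook.com", "carol", "123456"),
    ("google.com", "dave", "123456789"),
    ("google.com", "erin", "Tr0ub4dor&3"),
    ("yahoo.com", "frank", "1234"),
    ("vk.com", "grisha", "123456"),
    ("twitter.com", "heidi", "12345"),
]

# The weak passwords the article reports as most common in the cache.
KNOWN_WEAK = {"123456", "123456789", "1234", "password", "12345"}


def accounts_by_domain(records):
    """Number of compromised accounts per service, for provider notification."""
    return Counter(domain for domain, _, _ in records)


def top_passwords(records, n=5):
    """Most frequent passwords in the cache as (password, count) pairs."""
    return Counter(pw for _, _, pw in records).most_common(n)


def is_weak(pw):
    """Weak if shorter than 8 characters, all digits, or on the known list."""
    return len(pw) < 8 or pw.isdigit() or pw.lower() in KNOWN_WEAK


def weak_share(records):
    """Fraction of accounts whose password fails the weakness check."""
    if not records:
        return 0.0
    return sum(1 for _, _, pw in records if is_weak(pw)) / len(records)


def notification_lists(records):
    """Per-domain usernames to force a reset on; passwords are never included,
    so the list can be handed to the provider without re-exposing secrets."""
    out = {}
    for domain, user, _ in records:
        out.setdefault(domain, []).append(user)
    return out
```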

Because most of the affected sites, including Google, Facebook and Twitter, offer two-step authentication, now would be a wise time to beef up our personal online security by turning these features on and better protecting our own data. Simplistic passwords have no place in our technologically advanced world, Graham Cluley, an independent security expert, told Reuters.

“People are using very dumb passwords. They are totally useless,” he said.


Related:

Adobe website hacked, millions of websites stolen

Spider Labs blog post on the discovered database

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
