Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.
Security researchers from Trustwave’s Spider Labs, an information security company, uncovered the stash earlier this week. The credentials were never publicly posted online; instead they were stored on a Pony botnet controller server for the use of other cybercriminals. After the source code for the botnet was made public, the researchers discovered a way into the botnet’s admin panel, where they found the database of pilfered accounts as well as statistics about the stolen data.
The data includes more than 325,000 Facebook passwords, around 60,000 Google accounts and over 59,000 Yahoo accounts from users around the world.
The inclusion of the Russian social networking sites odnoklassniki.ru and vk.com indicates that a good number of the stolen account owners are most likely Russian speaking. Spider Labs’ researchers noted that the Pony control panel was in Russian as well, a possible indication that the hackers are from there. The server’s IP was based in the Netherlands, but the operators used a proxy to avoid detection and keep the scheme running longer.
Details of exactly how the botnet was able to collect this data are still being investigated, but evidence points to a malware program used to scrape data directly from users’ browsers, a spokesperson for Facebook said. The researchers notified the organizations affiliated with the compromised domains. Representatives for Facebook and Twitter had already begun contacting their affected users so they can remediate their accounts.
As with Adobe’s breach of 38 million users a few months ago, the worst yet least surprising finding may be the ridiculously simple passwords people continue to use. The most commonly used passwords in this cache include ‘123456’ (15,820 accounts), ‘123456789’ (4,875 accounts), ‘1234’ (3,135 accounts), ‘password’ (2,200 accounts), and ‘12345’ (2,090 accounts).
Because most of the affected sites, including Google, Facebook and Twitter, offer two-step authentication, now would be a wise time to beef up our personal online security by turning on these features and better protecting our own data. Simplistic passwords have no place in our technologically advanced world, Graham Cluley, an independent security expert, told Reuters.
“People are using very dumb passwords. They are totally useless,” he said.