By Samantha Murphy Kelly / Perkins Abaje
According to new techie report hackers have stolen about two million usernames and passwords from 93,000 websites, including Facebook, Gmail, Twitter, Yahoo and LinkedIn social media platforms.Cyber-security firm Trustwave mapped the unethical breach to a server located in the Netherlands. According to CNN, several security experts said the confidential information on the server came from a piece of malware which recorded users’ keystrokes at login screens.
Abby Ross, a spokesperson for Trustwave said “Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies’ networks. Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.”
Although the hacker remains unknown, Trustwave wrote on its blog that two targets were Russian-speaking social networking sites (vk.com and odnoklassniki.ru), which could hint at the virus’ origin.
“The malware was configured so that the majority of the credential information was sent to a server in the Netherlands,” Ross said. “The server does not show from which countries the information came from so we cannot break down exactly how many users from each country were affected. However, we can confirm the attackers targeted users worldwide including in the U.S., Germany, Singapore, Thailand and others.”
It’s also important to note that the stolen credentials were never publicly posted online. Trustwave researchers were able to access a command and control server used by the Pony botnet and recovered the passwords from there.
“We have reached out to the major service providers affected and they are taking steps to inform their users or remediate the compromised accounts,” Ross told Mashable.
Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%).
A Facebook spokesperson told Mashable the company has already reached out to those with compromised accounts. While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers,” a Facebook spokesperson told Mashable.
“As a precaution, we’ve initiated a password reset for people whose passwords were exposed.” He added.
Trustwave decided to analyze the most popular stolen passwords. Topping the list was “123456,” just edging out the Spaceballs punchline, “12345.”
