Researchers with Trustwave’s Chicago-based SpiderLabs said that they’ve discovered a cache of some two million pilfered passwords to accounts of popular social media websites including Facebook, Google, Twitter and Yahoo from across the globe.
In more layman terms, hackers have stolen usernames and passwords of more than 326,000 Facebook accounts, 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts. This was carried out in the past month with the help of Pony malware.
“Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies networks,” said Abby Ross, a spokesperson for Trustwave. “Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.”
Singapore, Thailand, Indonesia users affected
While Netherlands was top of the list, victims also came from Singapore, Thailand and Indonesia. A total of 7,298 accounts were accessed from these three countries.
[[{“type”:”media”,”view_mode”:”media_original”,”fid”:”37708″,”attributes”:{“alt”:””,”class”:”media-image”,”height”:”230″,”style”:”display: block; margin-left: auto; margin-right: auto;”,”typeof”:”foaf:Image”,”width”:”600″}}]]
[[{“type”:”media”,”view_mode”:”media_original”,”fid”:”37709″,”attributes”:{“alt”:””,”class”:”media-image”,”height”:”230″,”style”:”display: block; margin-left: auto; margin-right: auto;”,”typeof”:”foaf:Image”,”width”:”600″}}]]
Source: Spiderlabs
Representatives for Facebook and Twitter said the companies have reset the passwords of affected users, but there was no word from Google or Yahoo.
“Facebook takes people’s information security extremely seriously and we work hard to protect it. While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their Web browsers,” says Facebook.
If you’re worried about the safety of your social media accounts, a simple guideline to prevent yourself from getting hacked is this: have a strong password, and don’t install any suspicious programmes or click on suspicious ads, which might contain programs called malware designed to steal your online identity. The stolen information can be used to extract people’s personal information from the websites — this can then be sold.
A strong password means that you use a mix of capital and lowercase letters and make passwords at least eight characters long that has a combination of letters, numbers and symbols like exclamation mark.
An analysis posted on the SpiderLabs blog shows that the most-common password in the set was ‘123456,’ which was used in nearly 16,000 accounts.
Original story by: Vulcan Post
