More than two million stolen passwords for sites such as Facebook, Google and Yahoo, as well as other web services, have been posted online.
The site containing the passwords was discovered by researchers working for security firm Trustwave.
In a blog post outlining its findings, the team said it believed the passwords had been harvested by a large botnet – dubbed Pony – that had scooped up information from thousands of infected computers worldwide.
According to CNN, the massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world.
The details had probably been uploaded by a criminal gang, security experts said.
It is suspected the data was taken from computers infected with malicious software that logged key presses.
It is not known how old the details are – but the experts warned that even outdated information posed a risk.
The server, located in the Netherlands, was found to contain compromised credentials for more than 93,000 websites, including the most popular social media sites in the world.
“We don’t have evidence they logged into these accounts, but they probably did,” said John Miller, a security research manager at Trustwave.
HOW MANY ACCOUNTS HAVE BEEN COMPROMISED?
• 318,000 Facebook accounts
• 70,500 Gmail, Google+ and YouTube accounts
• 59,500 Yahoo accounts
• 21,700 Twitter accounts
• 9,300 Russian social network Odnoklassniki accounts
• 8,000 ADP accounts
• 8,500 LinkedIn accounts
In addition to this, Trustwave discovered:
• 320,000 email account credentials
• 41,000 FTP logins
• 3,000 remote desktop credentials
• 3,000 secure shell account details