Over 2 million passwords stolen from Twitter and Facebook

5 December 2013

Over 2 million passwords have been swiped from a host of social media sites including Facebook, LinkedIn and Twitter. The hackers who took them have posted their bounty online too, which is nice of them.

The attack is "fairly global" with victims "scattered all over the world" although, for some reason, most of the users affected have IP addresses located in Holland.

Trustwave's security researchers found a stash of data that had been stolen while they were looking at a botnet called ‘Pony’.

Previous Pony botnet attacks had been referred to as 'hit and run'. This most recent attack, however, was carried out over a number of weeks, which enabled the hackers to amass a "fairly stable and consistent" amount of passwords each day.

Other sites were hit too, including Russian social media sites vk.com (the Russian Facebook) and odnoklassniki.ru. Google and Yahoo were also attacked, with Trustwave telling the sites involved before posting their findings about the breaches online. Facebook and Twitter have been getting in touch with people affected to change their passwords, but it might be worth resetting yours, just in case you were missed out of the security loop.

That said, passwords didn't protect users in the first place. A number of passwords in the list included “123456”, “123456789”, “1234”, “password” and “1”. “And it all goes downhill from there,” wrote the researchers in a blog post. “There were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.”

