Facebook, Twitter, and others reset user logins after hacker steals 2 million passwords

A hacker has netted more than 2 million passwords for users of major services including Facebook, Gmail, Twitter, Yahoo, and LinkedIn, according to the security firm Trustwave.

The attacker installed keylogging software on users’ computers in 92 countries, recording their logins and user passwords as they were typed.

The companies themselves were not breached, but ADP, Facebook, LinkedIn, and Twitter have reset passwords and alerted compromised users, CNNMoney reports.

The keylogger tool was a version of the Pony botnet controller, a malicious piece of software that has been proliferating since its source code was published. The botnet controller is mainly being used to steal passwords, according to Trustwave researchers.

This time, whoever was behind the attack got around 1.5 million website login credentials, 320,000 email account credentials, 41,000 FTP credentials, 3,000 remote desktop credentials, and more.

A look at the passwords shows a keylogger may have been overkill, however. Trustwave reports that the most common passwords were “123456,” “123456789,” “1234,” and “password.”

 



Source: The Verge - Read the original article here

Author: Daily Tech Whip
