Researchers with Trustwave’s Chicago-based SpiderLabs said that they discovered a cache of some 2 million pilfered passwords to popular social media websites including Facebook, Google, Twitter and Yahoo from Internet users across the globe.
In layman's terms, hackers have stolen usernames and passwords to more than 326,000 Facebook accounts, 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts. The theft was carried out over the past month with the help of the Pony malware.
“Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies’ networks,” said Abby Ross, a spokesperson for Trustwave. “Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.”
Singapore, Thailand, Indonesia users affected
While the Netherlands topped the list of countries where the victims are from, some of the affected users reside in Singapore, Thailand and Indonesia. A total of 7298 accounts were accessed from these 3 countries.
Representatives for Facebook and Twitter said the companies have reset the passwords of affected users, but there was no word from Google or Yahoo.
‘Facebook takes people’s information security extremely seriously and we work hard to protect it. While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their Web browsers.’ – Facebook.
So if you are worried about the safety of your social media accounts, a simple guideline to keep yourself from getting hacked is this: have a strong password, and do not install any suspicious programs or click on suspicious ads, which might contain malware, programs designed to steal your online identity. The stolen information can be used to extract people’s personal information from the websites, which can then be sold.
A strong password means that you use a mix of capital and lowercase letters and make passwords at least 8 characters long, with a combination of letters, numbers and symbols such as the exclamation mark.
An analysis posted on the SpiderLabs blog showed that the most common password in the set was ‘123456,’ which was used in nearly 16,000 accounts.