2 million Facebook, Google and Twitter stolen passwords discovered

Some services are now resetting user logins to be on the safer side.

A team of researchers has managed to unearth a server with more than two million login credentials of users belonging to popular services like Facebook, Google, Twitter and Yahoo!

The security team over at Trustwave’s SpiderLabs revealed in a blog post called “Look What I Found!” that it had stumbled upon a database that contains about 1.58 million stolen username and passwords. Scary as it sounds, these login credentials belong to more than 93,000 websites, including 318,121 Facebook accounts, 59,549 Yahoo! accounts, 54,437 Google accounts and 21,708 Twitter accounts.





After the news emerged, Facebook, LinkedIn and Twitter started resetting passwords of accounts that could have been compromised, reports PC World. Payroll processor ADP, also named in the list of affected services, has reset passwords of about 2,400 users but believes its internal network was not compromised. Facebook reset passwords and said, ”While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers.” LinkedIn and Twitter too said that they had been working closely with SpoderLabs over the past week in order to reset affected accounts.


These passwords were found on a Pony Botnet server, a while after the source code for the Pony Botnet Controller was leaked. Apart from these familiar sites, vk.com and odnoklassniki.ru, two popular Russian social networks, also make an appearance on the list released by SpiderLabs.

The geo-location statistics show a staggering amount of the hacking was targeted at the Netherlands. A closer look at the IP log files, says the team, shows that most of the entries from the Netherlands are in fact from a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well.

Unfortunately, this also means that researchers are unable to actually pinpoint which countries were on the radar of this hack. Contrary to initial reports, the attack was not concentrated to just the Netherlands, but with 90 countries on the list, was really a global attack.

Even while the server was running the Pony app, it’s not clear how these credentials were gathered. It could be possible that keyloggers or malware on the same lines were installed on infected computers or were plain and simple phished from fake websites. SpiderLabs ran a quick test on password hygiene of those that leaked and, not surprisingly, the team found passwords like “123456” forming a majority of the leaked password trove. Overall, Spider Labs rated six percent of the passwords "terrible," 28 percent "bad," 44 percent "medium," 17 percent "good," and five percent of them as "excellent."


(Cover image credit: Getty Images)

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.