2 Million Facebook, Gmail and Twitter Passwords Stolen in Massive Hack

Story:

2 million Facebook, Gmail and Twitter passwords stolen in massive hack Hackers have stolen usernames and passwords for nearly two million accounts, compromising accounts at Facebook, Gmail, Twitter, Yahoo and ADP.

Analysis:

These messages circulating online state that hackers have stolen the usernames and passwords of about two million accounts related to Facebook, Gmail, Twitter, Yahoo and ADP. Yes, it is a fact!

On Nov. 24, researchers at the web security firm Trustwave tracked a hacker’s server located in the Netherlands. They discovered that the hackers have been stealing the login usernames and passwords of various sites for over a month – with the help of Pony malware. It was reported that a keylogging software was maliciously installed on a number of computers around the world, which was capturing the log-in credentials and sending them to a server controlled by the hackers. The compromised credentials were related to more than 93,000 websites, including:

318,000 Facebook accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo accounts
22,000 Twitter accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP accounts (ADP says it counted 2,400)
8,000 LinkedIn accounts

Abby Ross, a spokesperson for Trustwave, said that the massive hack is not a result of any weakness in those companies’ networks; individual users had the malware installed on their machines and their passwords were stolen. While Google declined to comment, Facebook, Twitter, Yahoo, LinkedIn and ADP told CNNMoney that they have notified and reset passwords for the compromised users.

The majority of the compromised accounts (57%) were that of Facebook. A Facebook spokesperson told Mashable, “While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers. As a precaution, we’ve initiated a password reset for people whose passwords were exposed.” Facebook users can give their accounts extra protection by activating advanced security features like login approvals and login notifications in their security settings. In this article, you can learn how to use Facebook security to prevent hacking and enjoy healthy networking.

The attackers targeted users worldwide, including in the United States, Germany, Singapore, Thailand and others. According to the researchers, this hacking process could be ongoing and there could be similar servers not yet tracked down.

John Miller, a security research manager at Trustwave, stated that it would be difficult to know whether your computer is infected, as the virus running in the background would be hidden. Users are advised to update their antivirus software and download the latest patches for Internet browsers, Adobe and Java. And when you are changing your passwords, remember to choose strong ones – a mix of lowercase, uppercase, numbers and special characters.