Hackers stole 2 million passwords

2013-12-06 10:30
A US man linked to the worldwide hacking group Anonymous has been detained by the FBI. (Yoshikazu Tsuno, AFP)

A US man linked to the worldwide hacking group Anonymous has been detained by the FBI. (Yoshikazu Tsuno, AFP)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Washington - The discovery of some two million stolen online passwords this week prompted fresh warnings from security researchers to strengthen protection from hackers.

US-based security firm Trustwave said it located the stolen credentials on a server in the Netherlands, affecting accounts from Facebook, Google, Yahoo and other major firms.

Trustwave said in a blog post that many of the compromised accounts had weak passwords - sometimes with fewer than four characters.

Only five percent were rated "excellent" with eight or more characters. And many were easy to guess such as "1234" or "123456."

"Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category," the blog post said.

The compromised accounts were linked to a "botnet" called Pony, which infected computers with malware and allowed hackers to remotely access the devices.

Victimized computers were found in some 100 countries, the statement said. "The attack is fairly global and ... at least some of the victims are scattered all over the world."

Independent security researcher Graham Cluley said the incident was a large-scale version of a common type of attack.

Multiple re-use

"Innocent users' computers have become infected with malware, which grabbed login details as they were entered by users," he said in a blog post.

"This data was then transmitted to the cyber criminals - either so they could access the accounts themselves or [more likely] sell on the details to other online criminals."

Serge Malenkovich of the security firm Kaspersky said cyber criminals can also steal credentials from people who check their e-mails or Facebook accounts from a public computer.

"This could be quite unpleasant by itself, but the problem will become even worse if you have a habit of re-using the same password for multiple online services," Malenkovich said.

"As password theft happens more often, this habit has become even more dangerous, especially if you consider that your daily routine now includes persistent access to financial transactions - from classical online banking to fund transfers using Gmail attachments. That's why a seemingly innocent Twitter password theft might eventually lead to the loss of real money."

Read more on:    kaspersky lab  |  us  |  online security

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.