
Pony Botnet Steals 2M Yahoo, Facebook, Google Passwords

According to researchers, scammers have scooped up more than 2 million passwords for sites like Facebook, Google, and Yahoo, but it appears that the data was stolen via malware-infected machines rather than a hack of those companies' systems.

December 4, 2013

Trustwave's SpiderLabs dug into source code from the Pony botnet, which was recently made public, and made some startling discoveries. The botnet managed to steal credentials for: 1.58 million websites; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts.

Looking at the domains from which those passwords were stolen, Facebook was most popular, accounting for 318,121, or 57 percent. Yahoo came in second with about 60,000, followed by Google Accounts (54,437), Twitter (21,708), and Google.com (16,095). Also on the list were LinkedIn (8,490 passwords) and payroll provider ADP (7,978), which Trustwave said was surprising.

"Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the firm wrote in a blog post.

The presence of Russian social networks vk.com and odnoklassniki.ru on the list, meanwhile, "probably indicates that a decent portion of the victims comprised were Russian speakers," Trustwave said.

The Pony botnet used a reverse proxy to avoid detection and continue the scam as long as possible. "Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," Trustwave said. "While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any."

Trustwave also didn't have more details about how passwords were obtained; it's possible the malware logged keystrokes. The data did reveal, however, that many of you need to step up your password game. Almost 16,000 accounts used "123456" as their passwords, while 2,212 used "password" and 1,991 used "admin."

Overall, only 5 percent of the 2 million passwords are what Trustwave considers to be excellent: passwords that use all four character types and are longer than 8 characters. Another 17 percent are good, 44 percent are medium, 28 percent are bad, and 6 percent are terrible.



About Chloe Albanesius

Executive Editor for News

I started out covering tech policy in Washington, D.C., for The National Journal's Technology Daily, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. After a move to New York City, I covered Wall Street trading tech at Incisive Media before switching gears to consumer tech and PCMag. I now lead PCMag's news coverage and manage our how-to content.
