UPDATED 04:39 EDT / DECEMBER 05 2013

NEWS

Almost 2 million Facebook, Google, Twitter and Yahoo accounts compromised in mass hack

Security researchers have discovered an online cache of roughly 2 million stolen credentials, including more than 1.5 million logins for top websites such as Google, Facebook, Yahoo and Twitter.

The database of stolen credentials was discovered by researchers at Trustwave’s SpiderLabs, who announced the findings in a blog post. According to Trustwave, the database contains 1.58 million stolen user names and passwords for websites, of which 318,121 belong to Facebook accounts, 59,549 to Yahoo accounts, 54,437 to Google accounts and 21,708 to Twitter accounts. Alongside the website logins, the haul also contained compromised FTP accounts, secure shell (SSH) logins and remote desktop (RDP) credentials.

At first glance, users in the Netherlands make up the vast majority of victims: more than 97 percent of the compromised accounts were attributed to that country. Other affected countries include Thailand, Germany, Singapore and Indonesia; in the United States, fewer than 2,000 accounts were affected.

From Trustwave’s blog:

“A quick glance at the geolocation statistics above would make one think that this attack was a targeted attack on the Netherlands. Taking a closer look at the IP log files, however, revealed that most of the entries from the NL IP range are, in fact, a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the command-and-control server, which resides in the Netherlands as well.”

In other words, the geolocation statistics are dominated by the proxy’s address rather than the victims’ own addresses, so the researchers cannot tell which countries, if any, were singled out. With victims in more than 90 countries, the campaign looks global rather than targeted.
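The pitfall Trustwave describes, a single gateway address inflating one country’s victim count, is easy to reproduce in a few lines of analysis. The following is an added example, not Trustwave’s code or data: it parses a constructed bot check-in log (timestamp, source IP, country), shows the naive per-country tally that produced the misleading 97 percent figure, then counts distinct source IPs instead and flags any country where one IP accounts for most of the entries. The log format, the sample addresses and the share/minimum-entry thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of bot check-in log lines (not Trustwave's data).
# One "<timestamp> <source_ip> <country>" record per line; 10.0.0.5 plays
# the role of a gateway/reverse proxy relaying many bots through one address.
SAMPLE_LOG = """\
2013-11-24T10:01:00 10.0.0.5 NL
2013-11-24T10:01:07 10.0.0.5 NL
2013-11-24T10:01:09 10.0.0.5 NL
2013-11-24T10:01:12 10.0.0.5 NL
2013-11-24T10:01:15 10.0.0.5 NL
2013-11-24T10:01:20 10.0.0.5 NL
2013-11-24T10:02:00 10.0.1.9 NL
2013-11-24T10:02:30 192.0.2.10 TH
2013-11-24T10:02:31 192.0.2.11 TH
2013-11-24T10:03:00 198.51.100.4 DE
2013-11-24T10:03:05 198.51.100.7 DE
2013-11-24T10:04:00 203.0.113.2 SG
2013-11-24T10:04:10 203.0.113.9 ID
2013-11-24T10:05:00 203.0.113.12 US
"""


def parse_log(text):
    """Return a list of (ip, country) tuples from 'timestamp ip country' lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines rather than crash
        _timestamp, ip, country = parts
        records.append((ip, country))
    return records


def entries_by_country(records):
    """Naive view: every log entry is counted as one victim.
    This is the tally that makes the Netherlands look like the target."""
    return Counter(country for _ip, country in records)


def distinct_ips_by_country(records):
    """Corrected view: count distinct source addresses per country."""
    seen = defaultdict(set)
    for ip, country in records:
        seen[country].add(ip)
    return {country: len(ips) for country, ips in seen.items()}


def find_gateways(records, share_threshold=0.8, min_entries=5):
    """Flag countries where one IP produces >= share_threshold of the entries.

    An address that dominates a country's traffic is more likely a proxy or
    gateway in front of many bots than a single victim. The thresholds are
    assumptions for this example, not values from the Trustwave analysis.
    """
    per_country = defaultdict(Counter)
    for ip, country in records:
        per_country[country][ip] += 1
    flagged = {}
    for country, ips in per_country.items():
        total = sum(ips.values())
        if total < min_entries:
            continue  # too few entries to call anything a gateway
        ip, count = ips.most_common(1)[0]
        share = count / total
        if share >= share_threshold:
            flagged[country] = (ip, share)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("entries by country:", entries_by_country(recs).most_common())
    print("distinct IPs by country:", distinct_ips_by_country(recs))
    print("suspected gateways:", find_gateways(recs))
```

On the sample data the naive tally gives NL seven entries, the corrected view gives NL two distinct addresses, and 10.0.0.5 is flagged as a probable gateway because it accounts for six of the seven. In a real investigation the next step is to confirm the flagged address with other evidence (hosting records, the C2 configuration, or the bot samples themselves) rather than trusting the share alone.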

Hacked by Malware


Trustwave also pinpointed how the credentials were stolen. Its post explains that the passwords were harvested by a large botnet built on the “Pony” malware, which quietly collected the data from thousands of infected computers worldwide. For those out of the loop, a “botnet” is a network of computers that have been compromised by malicious software (malware) installed without the owners’ knowledge, and that report back to a central command-and-control server.

In the case of Pony, the researchers identified version 1.9, credential-stealing malware designed to capture users’ login details for the websites and applications they use on the infected machine. Botnets like this are typically run from a web-based control panel hosted on a server the operator controls, where the ‘owner’ can browse the data harvested from infected machines.

Cybercriminals often use botnets to steal large volumes of data, then offer it for sale to other criminals on underground web forums.

Trustwave found that the operators of this particular botnet were offering user name and password combinations for sites including Facebook, Google, Yahoo, Twitter, LinkedIn, VKontakte and Odnoklassniki.

Aside from this, Trustwave’s investigation also showed that people still don’t seem to get the message about their password habits: once again, the most common passwords found in the haul were 123456, 123456789, 1234 and “password”.
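The kind of tally behind that finding, counting credentials per service and ranking the most common passwords, is straightforward once the dump is parsed. The following is an added example, not Trustwave’s code or data: it reads a constructed tab-separated dump (URL, user name, password), groups the entries by hostname, lists the most frequent passwords and rates each password with a simple strength heuristic. The dump format, the sample entries, the small list of well-known weak passwords and the rating thresholds are all assumptions made for the example, not Trustwave’s categories.

```python
import string
from collections import Counter
from urllib.parse import urlparse

# Constructed sample dump (not the real data), one "url<TAB>user<TAB>password" per line.
SAMPLE_DUMP = """\
https://www.facebook.com/login.php\talice@example.com\t123456
https://www.facebook.com/login.php\tbob@example.com\tpassword
https://mail.google.com/\tcarol@example.com\t123456
https://login.yahoo.com/\tdave@example.com\t123456789
https://twitter.com/login\terin@example.com\t1234
ftp://ftp.example.net/\tadmin\t123456
https://www.facebook.com/login.php\tfrank@example.com\tT0ps3cret!Long
"""

# Assumed short list of passwords that are always rated terrible; a real
# check would use a far larger breach-derived list.
COMMON_PASSWORDS = {"123456", "123456789", "1234", "password", "12345678", "qwerty"}


def parse_dump(text):
    """Return a list of (hostname, user, password) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        url, user, password = parts
        host = urlparse(url).hostname or url  # fall back to raw string if not a URL
        records.append((host, user, password))
    return records


def credentials_by_service(records):
    """Count how many stolen logins belong to each hostname."""
    return Counter(host for host, _user, _pw in records)


def top_passwords(records, n=3):
    """The n most frequently reused passwords in the dump."""
    return Counter(pw for _host, _user, pw in records).most_common(n)


def rate_password(pw):
    """Assumed heuristic: length plus number of character classes used."""
    if pw in COMMON_PASSWORDS or len(pw) < 6:
        return "terrible"
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if len(pw) < 8 or classes == 1:
        return "weak"
    if classes == 4 and len(pw) >= 10:
        return "strong"
    return "medium"


def rating_breakdown(records):
    """Distribution of strength ratings across the whole dump."""
    return Counter(rate_password(pw) for _host, _user, pw in records)


if __name__ == "__main__":
    recs = parse_dump(SAMPLE_DUMP)
    print("by service:", credentials_by_service(recs).most_common())
    print("top passwords:", top_passwords(recs))
    print("ratings:", rating_breakdown(recs))
```

The heuristic is deliberately crude: it only demonstrates the analysis, and anyone rating real passwords should check against a large breach-derived list and prefer length over character-class rules. The per-service grouping uses the hostname, so the same site’s login URL with different paths or query strings is counted once.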

When will people learn?
