Hackers Steal Usernames And Passwords Of 2 Million Accounts From Facebook, Twitter, And Others


Hackers have gained access to login information for more than 2 million accounts, predominantly on popular sites like Facebook, Google and Twitter, according to new reports. The culprit behind the attacks remains unknown.

SpiderLabs, an “ethical” hacking and research team within web security firm Trustwave, said Tuesday that it had gained access to the stolen login information and passwords; the credentials themselves have not been made public. The firm is using the data to explain exactly what happened and to publish guidance that helps the public protect their accounts.

“Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies’ networks,” said Abby Ross, a Trustwave spokesperson, to Mashable. “Individual users had the malware installed on their machines and had their passwords stolen. Pony [malware] steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.”

Compromised Online Safety

Any stolen password is useful to an attacker, but some are worth far more than others. Some of the credentials were for payroll service provider adp.com, and access to a payroll account poses a clearer and more serious risk to its owner than a compromised Facebook login.

At least one of the affected sites is already in cleanup mode after the attack. “We’ve initiated a password reset for people whose passwords were exposed,” a Facebook spokesperson told Mashable. The spokesperson also noted that users can protect themselves by checking their security settings. There, users can choose to be notified any time someone tries to access their account from an unrecognized browser, and can require that logins from new devices be confirmed with a one-time code sent to the user’s mobile phone. With that setting on, a password captured by malware is not enough on its own to log in.

Analyzing The Data

Daniel Chechik and Anat (Fox) Davidi released a full report on behalf of SpiderLabs breaking down which services the stolen credentials were for. Most login information was for Facebook, about 57 percent of the passwords collected. Yahoo and Google were next on the list, accounting for 11 percent and 10 percent of the information collected, respectively.

Others on the list were two social networking sites popular among Russian speakers, a hint at where in the world the campaign may have been centered. The researchers also examined the location data recorded for the infected machines, but it was inconclusive: more than 97 percent of the entries appeared to come from the Netherlands. They explained, however, that most of those came from the exact same IP address, meaning it simply acted as a gateway (most likely a proxy in front of the botnet’s control server) and does not represent where the victims are located. What they can say for certain is that the attack affected people in at least 100 countries and was therefore a global event.

Chechik and Davidi also analyzed the passwords themselves. They found that most people still use passwords that are easy to remember and just as easy to guess, leaving them exposed to anyone who tries the obvious choices first. The most popular password, accounting for nearly 16,000 of the 2 million, was “123456.” Another 17,000 of the passwords were some similar variation of consecutive numbers. Other popular passwords were “password” (2,200 passwords) and “admin” (2,000).

To make your accounts safer, Chechik and Davidi recommend using a password of “excellent” strength. “In our analysis, passwords that use all four character types and are longer than 8 characters are considered ‘Excellent,’ whereas passwords with four or fewer characters of only one type are considered ‘Terrible,’” they wrote. “Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.”
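The two analyses described above, the most-common-password tally and the strength grading, can be reproduced on any credential list. The script below is an added example written for this page, not code from the SpiderLabs report or from Trustwave. The password list in it is constructed for illustration and is not data from the Pony dump; the “Excellent” and “Terrible” rules follow the quoted rubric exactly, while lumping everything in between into a single “Medium” bucket is an assumption, since the report’s Bad/Good boundaries are not stated in the article.

```python
"""Tally and grade a leaked password list the way the SpiderLabs write-up
describes: most common values first, then a strength bucket per password.

Added example for this article; not the report's own code.
SAMPLE_PASSWORDS is a constructed sample, not data from the Pony dump.
"""
from collections import Counter
import string

# Constructed sample: weak values repeated a few times to mimic a dump.
SAMPLE_PASSWORDS = (
    ["123456"] * 5
    + ["123456789"] * 2
    + ["password"] * 2
    + ["admin"]
    + ["1234"]
    + ["Tr0ub4dor&3"]
    + ["correcthorse"]
    + ["S3cure!Pass2013"]
)

# The four character types the rubric refers to.
CHAR_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def char_types(password: str) -> int:
    """Number of distinct character classes (lower, upper, digit, symbol) used."""
    return sum(1 for chars in CHAR_CLASSES.values() if any(c in chars for c in password))


def grade(password: str) -> str:
    """Strength bucket per the quoted rubric.

    Excellent: all four character types and longer than 8 characters.
    Terrible:  four or fewer characters drawn from a single type.
    Medium:    everything else (assumption: the report's Bad/Good
               boundaries are not given in the article).
    """
    types = char_types(password)
    if types == 4 and len(password) > 8:
        return "Excellent"
    if len(password) <= 4 and types == 1:
        return "Terrible"
    return "Medium"


def is_sequential_digits(password: str) -> bool:
    """True for ascending runs like '1234' or '123456789', the family the
    article says accounted for roughly 17,000 more entries."""
    if len(password) < 2 or not all(c in string.digits for c in password):
        return False
    return all(int(b) - int(a) == 1 for a, b in zip(password, password[1:]))


def top_passwords(passwords, n=3):
    """Most common values with counts, like the report's '123456' table."""
    return Counter(passwords).most_common(n)


def grade_distribution(passwords):
    """Count of passwords per strength bucket."""
    return Counter(grade(p) for p in passwords)


def analyze(passwords):
    """Run every measurement at once and return them in one dict."""
    return {
        "total": len(passwords),
        "top": top_passwords(passwords),
        "sequential_digits": sum(1 for p in passwords if is_sequential_digits(p)),
        "grades": grade_distribution(passwords),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_PASSWORDS)
    print(f"total passwords: {result['total']}")
    for value, count in result["top"]:
        print(f"  {value!r}: {count}")
    print(f"ascending digit strings: {result['sequential_digits']}")
    for bucket, count in sorted(result["grades"].items()):
        print(f"  {bucket}: {count}")
```

Feed it a real dump (one password per line) instead of the constructed sample and the same three numbers come out: the most common values, how many are plain digit sequences, and how the set splits across the strength buckets. Note that the rubric grades only composition and length; a password like “Tr0ub4dor&3” scores “Excellent” despite being a well-known pattern, which is exactly why the report’s counts of the most common values matter more than the grades alone.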