Site   Web

December 5, 2013

Hackers Steal 2M User IDs, Passwords — Posts Them Online

Image courtesy of (chanpipat)/ FreeDigitalPhotos.net
Image courtesy of (chanpipat)/ FreeDigitalPhotos.net

The usernames and passwords of roughly two million Facebook, Twitter, LinkedIn, Google and Yahoo users have been stolen and posted online by hackers, an online security firm has discovered.

SpiderLabs researchers came across the data while looking into a server in the Netherlands used by hackers to control what is known as the Pony botnet. The botnet is comprised of a large network of computers that have been compromised by the hackers.

The stolen information includes:

SpiderLabs image

SpiderLabs image

1,580,000 website login credentials stolen.

• 320,000 e-mail account credentials stolen.

• 41,000 FTP account credentials stolen.

• 3,000 Remote Desktop credentials stolen.

• 3,000 Secure Shell account credentials stolen.

From the 1.58 million compromised login credentials, more than 326,000 are from Facebook accounts, 60,000-plus are from Google accounts, more than 59,000 are from Yahoo accounts, about 22,000 are from Twitter accounts and nearly 8,500 are from LinkedIn accounts, according to SpiderLabs.

Account holders in the United States, the Netherlands, Germany, Indonesia, Singapore, Thailand and a handful of other countries were hit.

According to Reuters, Facebook and Twitter spokespeople said the social networks have reset the passwords of all users who were hacked. A Google spokeswoman declined to comment on the issue, while Yahoo was unavailable for comment.

SpiderLabs, which did an analysis of the stolen data, found many of the confiscated passwords were weak.

The top 10 passwords to appear on the list were:

SpiderLabs image

SpiderLabs image

• 123456

• 123456789

• 1234

• password

• 12345

• 12345678

• 123

• 1

• 1234567

• 111111

“And it all goes downhill from there,” SpiderLabs’ Daniel Chechik and Anat (Fox) Davidi wrote in a blog post. “We looked at the length and complexity of the passwords to get a better idea about the rest of the passwords” and found many of them used only one type of character.

Experts always encourage Internet users to use multiple characters: uppercase letters, lowercase letters, numbers and special characters.

“We also divided all the passwords into groups by password lengths,” they wrote. “Since both the length and type of characters in a password make up its ultimate complexity, we grouped those two characteristics to get an overall impression of how strong the passwords are.”

SpiderLabs image

SpiderLabs image

To determine how good the passwords were, the researchers broke them down into five categories from excellent — passwords that use all four character types and are longer than eight characters — to terrible — passwords with four or less characters of only one type.

Here is the breakdown:

• Excellent — Five percent

• Good — 17 percent

• Medium — 44 percent

• Bad — 28 percent

• Terrible — six percent

“Back in 2006 the top ten most common passwords comprised only 0.9 percent of the total count,” they said. “Today, in 2013, they add up to 2.4 percent. This could be a result of myspace having a minimum complexity policy, while in our data we have various domains with differing password complexity requirements. If our hypothesis is true, then the inevitable conclusion is that people still choose comfort over security.  If you don’t enforce a password policy, don’t expect your users to do it for you.”


avatar

Jennifer Cowan is the Managing Editor for SiteProNews.

3 Responses to “Hackers Steal 2M User IDs, Passwords — Posts Them Online

    avatar SAK says:

    Still they are saying Accounts are safe :P all social network companies should be aware of this HACKING hazards!

    avatar haris says:

    Many people have no idea about these article. it should be published in Urdu language.

    The obvious sad fact, is that there always be evil persons around us. Using their knowledge to hurt, and destroy! Some of those dudes might get wellpaid jobs, helping to protect us, from these threats!

Submit a Comment

Your email address will not be published. Required fields are marked *






You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 2,002,436 bad guys.

css.php