Two million passwords exposed thanks to botnet and malware-infected PCs

Over two million passwords for Yahoo!, Facebook, Twitter, LinkedIn and others have been posted to the web after a botnet infected thousands of machines and used a keylogger to obtain passwords. While this breach is not from any particular service, the botnet has clearly been running effectively for some time, as it reportedly has over 2 million passwords, 300,000 of which are for Facebook accounts.

The information comes from security firm Trustwave, which believes that the botnet, dubbed Pony, had infected thousands of machines and could still be in operation at this time. Because the passwords were stolen through local infections, as opposed to a breach of a service such as Twitter or Facebook, there is not much these services can do for the credentials that have been stolen.

In analyzing the data, Trustwave noted that there were over 15,000 instances of a password being ‘123456’. Clearly, this is not a secure password and better practices should be utilized when creating an account for an online service.

Within the 'Pony' upload, the following information was found:

  • ~1,580,000 website login credentials stolen
  • ~320,000 email account credentials stolen 
  • ~41,000 FTP account credentials stolen
  • ~3,000 Remote Desktop credentials stolen
  • ~3,000 Secure Shell account credentials stolen

As with any breach, if you think that your account may have been compromised, it is best to change your password immediately. More importantly, you should change your password from a machine that you believe is not infected with the malware; otherwise, the new password will be logged as well.

As a general reminder, it’s best to pick a non-dictionary term and to use upper/lowercase letters and numbers in your password to help form a secure authentication mechanism to protect your identity and content.

We should note that it appears that most anti-malware packages do protect against this malware. Trustwave notes that, naturally, their protection software will stop this botnet from harvesting your data.

Source: Trustwave | Via: BBC | Image Credit: Microsoft

25 Comments

Stupid question I change all my passwords every few months sure of doing it for every hack/leak how would we know if we have been affected? I mean Facebook has over a billion users, one AV solution or another might not pick it up.

This is why I changed every password on every site I am registered on recently as this is becoming more frequent of people getting passwords and this is a nice tool http://strongpasswordgenerator.com/ I use. I have also set up second stage authentication on nearly everything that has it available. If you go through your email history it is amazing how many sites you can be registered to (myself is well over 160 sites) and it gets even more interesting to see how many sites have CC details and details (address / telephone numbers etc). If people use passwords like "123456" on their email then it would be pretty easy to get all of the information with password recovery on other sites.

Probably Windows XP users running IE6 with Windows Update disabled because "I got sick of those stupid update things popping up every 5 minutes."

This is the mindset of people who still use Windows XP.

Does this have anything to do with the Aartemis virus? I visited some family for Thanksgiving and two different households had this thing on their PC. Google trends show that Aartemis searches were zero before Nov 8.

What is it to do with Windows? There are softwares and some mad dude ran the software and thanks to antivirus softwares it hasn't been detected. It's easy to criticize universe for all the problem we have.

Interesting site, I've tried all of mine and all but one are fine, the one that isn't was apparently exposed last month, yet I haven't used that account in years and can't think of anything it was used on, any way to check?

In analyzing the data, Trustwave noted that there were over 15,000 instances of a password being ‘123456’.

Damn! Now I have to go change the combination on my luggage.

ultimate99 said,
What does Java have to do with this?
curious..

Aside from people being scared into installing malware, the next best way to get malware onto a computer is through the Java runtime. It's been a huge security hole for several years.

jwmcpeak said,

Aside from people being scared into installing malware, the next best way to get malware onto a computer is through the Java runtime. It's been a huge security hole for several years.

Or Flash, JavaScript, Acrobat, Word, Excel, or anything else that executes remote code locally.

jwmcpeak said,

Aside from people being scared into installing malware, the next best way to get malware onto a computer is through the Java runtime. It's been a huge security hole for several years.

Perspective...

Chrome was used to infect more PCs last year than Java.

It is users that install Chrome and Firefox to 'protect' themselves that are making PCs more at risk.

iTunes is also as dangerous as Java, because of its use of WebKit, and was also in the top 5 ways PCs were infected.

IE wasn't in the top 5.

As for Pony, from the original story...

The Pony botnet has been involved in a large number of attacks. The most affected Web browser is Firefox, with Google Chrome in second place and Internet Explorer in third.

Edited by Mobius Enigma, Dec 4 2013, 8:59pm :

Well I think the title is emphasizing the fact that the companies where the passwords were exposed weren't at fault AND for people not taking proper precautions (decent passwords and antimalware software)

Companies shouldn't be allowing such insecure passwords as "123456" in the first place. Not that a more secure password helps if a keylogger is installed...