Over two million passwords for Yahoo!, Facebook, Twitter, LinkedIn and others have been posted to the web after a botnet infected thousands of machines and used a keylogger to capture them. While this breach did not come from any particular service, the botnet has clearly been running effectively for some time, as it reportedly holds over 2 million passwords, 300,000 of which are for Facebook accounts.
The information comes from security firm Trustwave, which believes that the botnet, dubbed Pony, had infected thousands of machines and could still be in operation at this time. Because the passwords were stolen through local infections, as opposed to a breach of a service such as Twitter or Facebook, there is not much these services can do about the credentials that have been stolen.
In analyzing the data, Trustwave noted that the password ‘123456’ appeared over 15,000 times. Clearly, this is not a secure password, and better practices should be used when creating an account for an online service.
Within the "Pony" upload, the following information was found:
- ~1,580,000 website login credentials stolen
- ~320,000 email account credentials stolen
- ~41,000 FTP account credentials stolen
- ~3,000 Remote Desktop credentials stolen
- ~3,000 Secure Shell account credentials stolen
As with any breach, if you think that your account may have been compromised, it is best to change your password immediately. More importantly, you should change your password from a machine that you believe is not infected with the malware; otherwise, the new password will be logged as well.
As a general reminder, it’s best to pick a non-dictionary term and to use upper/lowercase letters and numbers in your password to help form a secure authentication mechanism to protect your identity and content.
We should note that it appears that most anti-malware packages do protect against this malware. Trustwave notes that, naturally, their protection software will stop this botnet from harvesting your data.