Hackers May Have Stolen Your Facebook, Gmail, Or Twitter Password

Hackers May Have Stolen Your Facebook, Gmail, Or Twitter Password

The news: Cybersecurity firm Trustwave announced this week the findings of an investigation that revealed nearly two million Facebook, Google, Twitter, Yahoo, and other accounts had been compromised by a massive botnet named "Pony."

Usernames and passwords to the affected sites had been stolen and sent to a server in the Netherlands. Trustwave's staff discovered that the security of over 93,000 websites had been compromised, troublingly including payroll management company ADP. According to their statistics, here's the number of compromised accounts per website:

- 318,000 Facebook (FBFortune 500) accounts

- 70,000 Gmail, Google+ and YouTube accounts

- 60,000 Yahoo (YHOOFortune 500) accounts

- 22,000 Twitter (TWTR) accounts

- 9,000 Odnoklassniki accounts (a Russian social network)

- 8,000 ADP (ADPFortune 500) accounts (ADP says it counted 2,400)

- 8,000 LinkedIn (LNKD) accounts



Image credit: Trustwave

In a blog post titled "Moar Pony," Trustwave broke down the types of access stolen:

- 1,580,000 website login credentials stolen

- 320,000 email account credentials stolen 

- 41,000 FTP account credentials stolen

- 3,000 Remote Desktop credentials stolen

- 3,000 Secure Shell account credentials stolen

Also on the list were vk.com and Odnoklassniki.ru, two Russian social networks, indicating that many of the victims speak the Russian language. Trustwave also encountered some rather embarrassing password habits:


Come on, guys.

Should I panic? If you have to ask, maybe. But Facebook and Google have already taken action to have compromised users reset their account passwords, as has ADP, the payroll company.

But security researcher Graham Cluley told the BBC that "30-40%" of users use the same passwords on different websites, meaning that many users could be compromised on other sides if they use the same login credentials.

The breach was discovered on Nov. 24. The botnet had been operating for at least a month. Researchers don't know how many computers could be affected, and no one knows how many other botnets are silently collecting data across the internet.

What can I do to protect myself? While there's no way to protect yourself against government-sanctioned internet spying, there's plenty of ways to protect yourself against cybercriminals. Step one is building high-security passwords and varying them between sites, while step two is downloading anti-virus and anti-malware software like Spybot: Search & Destroy and keeping it up to date with the latest malware recognition updates installed. Step three is using the internet cautiously. Don't be an idiot.

How much do you trust the information in this article?

Tom McKay

Tom is a staff writer at Mic, covering national politics, media, policing and the war on drugs. He is based in New York and can be reached at tmckay@mic.com.

MORE FROM

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.

The 2017 solar eclipse will help scientists figure out just how much energy we get from the sun

Reflections are tricky things — as we'll learn when August's total solar eclipse hits.

No, Mars didn’t grow 12 more moons — here’s what’s happening in this stunning picture

Mars and the mysteriously multiplying moon.

Scooby-Doo’s real name isn’t Scoobert Doobert

It's time to call Scooby by his real name.

Zion Harvey, youngest recipient of double hand transplant, can now swing a baseball bat

After about 50 years and more than 100 patients undergoing surgery, doctors have found success with a double hand transplant.

The US desperately needs computer science majors, so keep coding

There are more than 500,000 computing jobs open in the US right now.

The 2017 solar eclipse will help scientists figure out just how much energy we get from the sun

Reflections are tricky things — as we'll learn when August's total solar eclipse hits.

No, Mars didn’t grow 12 more moons — here’s what’s happening in this stunning picture

Mars and the mysteriously multiplying moon.

Scooby-Doo’s real name isn’t Scoobert Doobert

It's time to call Scooby by his real name.

Zion Harvey, youngest recipient of double hand transplant, can now swing a baseball bat

After about 50 years and more than 100 patients undergoing surgery, doctors have found success with a double hand transplant.