Matsuda Posted December 4, 2013

Researchers have unearthed a server storing more than two million pilfered login credentials for all kinds of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites.

More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave's Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells.

More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries.

"A quick glance at the geo-location statistics above would make one think that this attack was a targeted attack on the Netherlands," Spider Labs researchers Daniel Chechik and Anat (Fox) Davidi wrote. They continued:

"Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well. This technique of using a reverse proxy is commonly used by attackers in order to prevent the Command-and-Control server from being discovered and shut down--outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down. While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any."

The server was running a bot controller application known as Pony. It's unclear exactly how the credentials were originally obtained. One possibility is they were captured using keyloggers or similar malware installed on compromised machines of end users. It could also be the case the credentials were pilfered using phishing websites or other types of social engineering attacks.

As is often the case with mass password leaks, the discovery by Spider Labs underscores the poor security hygiene of many users. The usual offenders were there, including "123456" (used for 15,820 accounts), "123456789" (4,875), "1234" (3,135), and "password" (2,212). Overall, Spider Labs rated six percent of the passwords "terrible," 28 percent "bad," 44 percent "medium," 17 percent "good," and just five percent "excellent."

Spider Labs' report comes two weeks after forums software maker vBulletin was hit by hackers who got access to customer password data and other personal information. Three days earlier, MacRumors—itself a user of vBulletin—also suffered a breach that exposed cryptographically hashed passwords for more than 860,000 accounts. There's no evidence those breaches are related to the leaked passwords reported Tuesday.

Source

Turk Posted December 5, 2013

More than two million stolen passwords for sites like Facebook, Google and Yahoo have been reportedly posted online by cyber criminals. Security experts suspect that the confidential data was taken from computers infected with malicious software that logged key presses.

Full Story: http://www.dnaindia.com/scitech/report-more-than-2-million-stolen-facebook-google-and-yahoo-passwords-leaked-online-1929965

Luckily, I have no account with any of them!

jimbojet2011 Posted December 6, 2013

F*%@ FaceBook

akshay Posted December 6, 2013

Nobody sent any alert to its customers. Shame!

geeteam Posted December 6, 2013

Web security is of paramount importance to most Web users, and every now and then, something occurs that reminds us of how the determination of a hacker can result in dire consequences. In a report that does make for quite disconcerting reading, someone, using a keylogger, managed to obtain over 2 million passwords of the likes of Facebook, Gmail, Twitter, Yahoo, and LinkedIn.

Security outfit Trustwave made the discovery, with the attacker capitalizing on a keylogger based upon a variant of the Pony botnet controller — a malicious utility that recently cut hackers a break when its source code was leaked out into the wild.

The method for obtaining the passwords was incredibly simple. Having installed the keylogger on millions of machines spanning 92 countries across the world, it then simply made a record of logins and passwords as they were typed. With many of us logging in to our favorite email accounts like Gmail, as well as social haunts like Facebook and Twitter, many hundreds of thousands of passwords were stolen from users each, and although this wasn’t achieved through any of our favorite services, the folks of ADP, Facebook, LinkedIn, and Twitter have already alerted affected users and reset their passwords for them.

In a blog post, Trustwave listed the domains from which passwords were compromised:

For once, the response appears to have been swift and effective, and so if, in the likely event that you do use one of the aforementioned services, you’re worried, the situation seems now to be under control. Nevertheless, Pony botnet controller managed to amass a whopping 1.5 million website logins, one-third of a million email account credentials, and a whole lot more, including the vital info on FTP and remote desktop accounts.

If you do fear for your security online, there are a series of precautionary measures you could adhere to. As well as running a reputable virus scanning / Internet security app on your machine, don’t download anything from untrusted sources. Oh, and if you’re going to create a password, make sure it’s something that cannot be easily guessed. The big companies have worked hard to prevent users from typing in simple, effortlessly compromise-able secret words, and given that Trustwave discovered that some of the most common passwords compromised here included "123456789," and "password," it’s almost as if some people want their accounts to be compromised.

Source

Administrator Matt Posted December 6, 2013

Yes, true. Heard of that on the news.

Mr Orus Posted December 6, 2013

Threads merged. :)