More than two million passwords that are used on Google, Yahoo and Facebook and other web services were stolen and were later posted online. According to security experts, the details have probably been uploaded by a criminal gang. It is suspected that this particular data was taken from computers that had been infected by malicious software, which was design to log key presses. It has not been determined as yet as to how old the details are, but a warning has been issued by experts stating that even outdated information can prove to be a risk for people. As per a security researcher, it cannot be determined if these details still work or not. However, he also added that it was common knowledge that about 30 to 40% of the people use the same passwords on different websites.
He advised that this move was not exactly beneficial for them. Researchers who work for the security firm called Trustwave discovered the website that contained these passwords. The team published its findings in a blog post and clarified that according to their research a large botnet by the name of Pony had harvested these passwords and the information had been scooped up from thousands of computers all over the world that had been infected. A botnet is basically a network of machines that’s under the control of criminals and works because of malicious software that has been installed onto the computers without the knowledge of their owners.
Criminal gangs have the practice of using botnets for stealing large amounts of personal information that can be sold to others or can also be held for the purpose of obtaining ransom. In this scenario, the criminals obtained log-in information of popular social networks of thousands of individuals. Written in Russian, the website claimed to provide about 318, 121 combinations of usernames and passwords of Facebook. Entries were also made in the database regarding other services such as LinkedIn, Twitter, Google and Yahoo. There were some Russian websites also included in the data.
Trustwave had stated that prior to posting the blog entry, they had notified the services and websites that had been hit. It had been highlighted by Facebook that they were not to be blamed because this security risk was primarily because of the infected machines of the users. it was stated by a spokesman via email that although the details weren’t clear as yet, it was apparent that hackers had attacked various computers using malware and had scraped the information directly from their web browsers.
He also added that it was possible for users of Facebook to protect themselves against these risks by taking advantage of security settings such as Login Notifications and Login Approvals. Whenever anyone attempts to access their account, they would be given a notification. It was also stated by the social network that a password reset process had been forwarded to all the users that had been found in the database. Trustwave also said that after analysis it could be said that the passwords were fairly predictable.