Two million social media passwords posted online

Hackers have posted two million passwords online. Here is what to do if you're a victim.

Two million passwords for popular websites such as Facebook, Yahoo, Twitter and LinkedIn have been leaked online.

The data has been stolen using a computer virus, experts at security firm Trustwave have said.

The details were stolen and uploaded by criminals, and as the information is now on the internet, it poses a huge threat to the security of customer accounts.

Stolen passwords

Researchers at Trustwave discovered the ‘Pony Botnet Controller’, which is run by criminals. It works by sending out a computer virus to obtain security details, which can then be used to access website and email accounts fraudulently.

Among the two million passwords, 1,580,000 were used for logging onto websites, 320,000 were for email accounts and 3,000 were for logging onto a desktop remotely.

Facebook accounts for the highest percentage of stolen passwords at 57.06%, followed by Yahoo at 10.68% and Google at 9.76%, as you can see from the table below.

Two Russian social-networking websites are listed, suggesting that many of the passwords belong to Russian speakers.

In the ninth spot is a payroll service provider. This is alarming as it means the criminals could have accessed payroll records and financial details.

| Website | Number of stolen passwords | Overall percentage |
|---|---|---|
| Facebook | 318,121 | 57.06% |
| Yahoo | 59,549 | 10.68% |
| Google Accounts | 54,437 | 9.76% |
| Twitter | 21,708 | 3.89% |
| Google | 16,095 | 2.89% |
| Odnoklassniki | 9,321 | 1.67% |
| LinkedIn | 8,490 | 1.52% |
| Th-th.facebook | 8,008 | 1.44% |
| Agateway.adp | 7,978 | 1.43% |
| Vk | 6,867 | 1.23% |

The websites on the list of leaked passwords have been informed by Trustwave of the security breach.  

Facebook said it has secured the accounts on the list and it will make sure people affected are informed and directed how to change their passwords.

Weak passwords

When looking at the passwords on the list, experts at Trustwave discovered a worrying pattern. The majority of the two million were easy-to-guess words or numbers such as ‘123456’ or ‘password’.

This means criminals are able to access website and email accounts and even our financial details easily and quickly. The table below demonstrates the kind of passwords which were found.

| Password | Number on the list |
|---|---|
| 123456 | 15,820 |
| 123456789 | 4,875 |
| 1234 | 3,135 |
| password | 2,212 |
| 12345 | 2,094 |
| 12345678 | 2,045 |
| admin | 1,991 |
| 123 | 1,453 |
| 1 | 1,224 |
| 1234567 | 1,170 |
| 111111 | 1,046 |

How to protect yourself online

Criminals target social networks because they’re a place where people often unwittingly post private information, such as holiday dates.

Many people use the same password for all of their accounts, so a fraudster who gets hold of one may be able to access several email or bank accounts.

The number one rule is not to use the same password for every account. When picking a password, make sure it's complicated enough that it won’t be guessed, but not so complicated that you forget it. It also needs to be at least eight characters long, with a mix of upper and lower-case letters.
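The password advice above, as a sign-up check a site could run. This is an added example, not code from the article or from Trustwave: the function names are hypothetical, the blocklist is the eleven passwords from the table above, and the sequence check generalises the pattern in that table beyond what the article states.

```python
# Passwords from the article's "Number on the list" table, as given on the page.
LEAKED_TOP = {
    "123456", "123456789", "1234", "password", "12345", "12345678",
    "admin", "123", "1", "1234567", "111111",
}

MIN_LENGTH = 8  # the article's minimum length


def is_trivial_pattern(pw: str) -> bool:
    """True for one repeated character or a straight run such as 1234, abcd or 9876."""
    if len(pw) < 2:
        return True
    if len(set(pw)) == 1:
        return True
    # Difference between each pair of neighbouring characters.
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def screen_password(pw: str) -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted."""
    reasons = []
    # Compare case-insensitively so "Password" does not slip past the blocklist.
    if pw.lower() in LEAKED_TOP:
        reasons.append("on the leaked most-common list")
    if is_trivial_pattern(pw.lower()):
        reasons.append("single repeated character or simple sequence")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        reasons.append("needs both upper and lower-case letters")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, not taken from the leaked data.
    for candidate in ["123456", "Password", "Abcdefgh", "tidal Copper lantern"]:
        verdict = screen_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

‘Password’ meets the length and mixed-case rule on its own and is rejected only by the blocklist, which is why the two checks are combined.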

If you think your financial details have been stolen, you can check your credit score online for any fraudulent activity, such as credit cards opened in your name. Thanks to lovemoney.com you can benefit from a 30-day free trial with CreditExpert which will give you an instant picture of what's going on with your credit record.
