Over two million passwords used for sites like Facebook, Yahoo and Google were stolen and posted online. The passwords were discovered by researchers from a security firm.
According to a blog post by Trustwave Holdings, the passwords are believed to have been stolen by Pony, a large botnet (a group of Internet-linked programs communicating with other similar programs to carry out tasks) that collects information globally through numerous infected computers.
Security experts believe that the passwords were stolen from computers on which malicious software that logged key presses was installed.
Security researcher Graham Cluley wrote, “We don't know how many of these details still work. But we know that 30-40% of people use the same passwords on different websites.”
“That's certainly something people shouldn't do.”
The site where the stolen passwords were posted is written in Russian. It claimed to give out 318,121 Facebook username and password combinations, accounting for 57.06 percent of the total stolen information. Next after the social networking giant is Yahoo, with 59,549 affected accounts, or 10.68 percent of the total.
Other compromised services belong to Google, Twitter, LinkedIn, and more.
Trustwave sent notifications to the affected sites and services before releasing the details in the blog post.
A spokesperson for Facebook told the BBC, “While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their web browsers.”
He also encouraged Facebook users to activate their Login Approvals and Login Notifications in their security settings.
“They will be notified when anyone tries to access their account from an unrecognized browser and new logins will require a unique passcode generated on their mobile phone.”
While obviously implying that it is not at fault, the social network put all of the users found in the list through a password reset process.