Researchers at cyber security firm Trustwave recently discovered a hacker database that contains more than 2 million stolen passwords associated with a variety of popular services including Facebook, Gmail, Twitter and Yahoo. These services and more have been resetting account credentials since news of the theft started making the rounds.
Specifically, the collection contains login information for 318,121 Facebook accounts, 21,780 Twitter accounts, 54,437 Google-related accounts and 59,594 Yahoo accounts. There are also roughly 320,000 e-mail account credentials in the haul with the remaining accounts consisting of FTP logins and remote login information.
Fortunately for those in North America, there probably isn’t too much to worry about, as the majority of individuals targeted were from Germany, Indonesia, the Netherlands, Thailand and Singapore. More than 90 countries fell victim collectively, although fewer than 2,000 of the compromised accounts were from the United States.
The malware that harvested the credentials is Pony, and the database was found on a Pony botnet controller, the command-and-control panel where infected machines report their stolen data. We are told that version 1.9 contains a keylogger that captures every keystroke a user types on an infected machine.
Perhaps more disturbing than the theft itself is that people are still protecting their online accounts with absurdly simple passwords. The investigation found that the most common passwords in the haul were “123456,” “123456789,” “1234” and “password.” A stronger password wouldn’t have helped in this case, since a keylogger captures whatever is typed regardless of its length or complexity, but a run of sequential digits or the word “password” as a password is still troublesome: it falls to the first few guesses of any password-guessing attack.
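As an added illustration (not code from the original article or from Trustwave), the following Python script performs the kind of frequency analysis described above over a small credential dump constructed here for the example, and flags passwords that are trivially weak by the two criteria the article names: a known common password such as “password,” or a run of sequential digits such as “123456” or “1234.” The dump format (`user:password` per line), the sample entries and the `COMMON_PASSWORDS` list are all assumptions made for this example. Note what the article also notes: none of these checks would have protected a victim of the keylogger, because the malware records the password as it is typed.

```python
from collections import Counter

# A handful of the "most common" passwords reported in the article plus a few
# obvious variants. Constructed for this example, not the Trustwave list.
COMMON_PASSWORDS = {
    "123456", "123456789", "1234", "password",
    "12345", "12345678", "1234567", "111111",
}

# Constructed sample dump in user:password form. Not real data.
SAMPLE_DUMP = """\
alice@example.net:123456
bob@example.net:123456
carol@example.net:password
dave@example.net:123456789
erin@example.net:Tr0ub4dor&3
frank@example.net:123456
grace@example.net:password
heidi@example.net:1234
ivan@example.net:98765432
judy@example.net:xK9#qL2m!v
"""


def is_sequential_digits(pw: str, min_len: int = 4) -> bool:
    """True if pw is all digits and every digit steps by exactly +1 or -1
    from the previous one (e.g. 123456, 4321, 98765432).
    Strings shorter than min_len are not considered a 'run'."""
    if len(pw) < min_len or not pw.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_trivially_weak(pw: str) -> bool:
    """Weak by the article's two criteria: on the common list (case-insensitive)
    or a run of sequential digits."""
    return pw.lower() in COMMON_PASSWORDS or is_sequential_digits(pw)


def passwords_in(dump: str) -> list[str]:
    """Extract the password field from each user:password line.
    Split on the first colon only, so passwords containing ':' survive."""
    out = []
    for line in dump.splitlines():
        if ":" not in line:
            continue  # skip blank or malformed lines
        out.append(line.split(":", 1)[1])
    return out


def top_passwords(dump: str, n: int = 3) -> list[tuple[str, int]]:
    """Most frequent passwords in the dump, as (password, count) pairs."""
    return Counter(passwords_in(dump)).most_common(n)


def weak_fraction(dump: str) -> float:
    """Share of credentials in the dump whose password is trivially weak."""
    pws = passwords_in(dump)
    if not pws:
        return 0.0
    return sum(is_trivially_weak(p) for p in pws) / len(pws)


if __name__ == "__main__":
    for pw, count in top_passwords(SAMPLE_DUMP):
        print(f"{count:>3}  {pw}  weak={is_trivially_weak(pw)}")
    print(f"trivially weak: {weak_fraction(SAMPLE_DUMP):.0%} of sample")
```

The sequential-digit check deliberately accepts descending runs as well as ascending ones, and it is case-insensitive on the common list, so “Password” is caught alongside “password.” Run against the constructed sample it reports “123456” and “password” as the top two and flags 80% of the entries as trivially weak; the sensible response for a service owner is to reject such values at password-set time, not only after a breach.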