Pony Botnet Controller - Facebook, Google, Twitter, Yahoo:
Almost 2 Million Usernames & Passwords Stolen in a Mass Hack

Almost 2 million accounts on Facebook, Google, Twitter, Yahoo and other social media and Internet sites have been breached, according to a Chicago-based cybersecurity firm.

The hackers stole 1.58 million website login credentials and 320,000 e-mail account credentials, among other items, the firm Trustwave reported in a blog post. Included in the hacks were thefts of 318,121 passwords from Facebook, 59,549 from Yahoo, 54,437 from Google, 21,708 from Twitter and 8,490 from LinkedIn. The list also includes 7,978 from ADP, the payroll service provider.

According to Trustwave, "Payroll services accounts could actually have direct financial repercussions."

Stolen Passwords by Day
Most of those stolen passwords were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the United States, which accounted for 859 reports from machines and 1,943 passwords, according to Trustwave. All in all, just over 100 countries were affected, and Trustwave said this shows the attack is "fairly global."

The hacking began October 21st 2013 and might still be taking place, according to a CNN article on this case.

The massive data crack was a result of keylogging software maliciously installed on an untold number of computers around the world, according to researchers at Trustwave. The malware was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers. On November 24th 2013, Trustwave analysts tracked that server, located in the Netherlands. Google itself declined to comment on this subject.

John Miller, a security research manager at Trustwave, told CNN, "We don't have evidence they logged into these accounts, but they probably did." (So what now....?)

Miller said the team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected.

Among the compromised data are about 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network protocol used when transferring big files) and 6,000 remote log-ins.

There are several other servers Trustwave has not yet tracked down, Miller said. ADP, Facebook, LinkedIn and Twitter told CNN they have notified users and reset passwords for compromised accounts. Google declined to comment and Yahoo did not respond immediately.

In compiling the data, Trustwave also discovered that many users are doing just what computer specialists advise against, using simplistic passwords that can easily be guessed. For instance, the top five passwords Trustwave found in researching the breaches were: 123456, 123456789, 1234, password and 12345.

Read the whole blog post from Trustwave:
Look What I Found: Moar Pony!

