More than 2 million accounts have been compromised from popular sites such as Google, Yahoo, Twitter, Facebook and LinkedIn after malware captured login credentials from users worldwide, according to a new report.
According to web security firm Trustwave, hackers have stolen login usernames and passwords across various sites in the past month with the help of Pony malware, a bit different than a typical breach.
See also: Get Lost in These 19 Fascinating Maps
Pony steals passwords that are stored on the infected users' computers
Pony steals passwords that are stored on the infected users' computers as well as by capturing them when they are used to log into web services."
Although the culprit behind the hack remains unknown, Trustwave wrote on its blog that two targets were Russian-speaking social networking sites (vk.com and odnoklassniki.ru), which could hint at the virus' origin.
"The malware was configured so that the majority of the credential information was sent to a server in the Netherlands," Ross said. "The server does not show from which countries the information came from so we cannot break down exactly how many users from each country were affected. However, we can confirm the attackers targeted users worldwide including in the U.S., Germany, Singapore, Thailand and others."
It's also important to note that the stolen credentials were never publicly posted online. Trustwave researchers were able to access a command and control server used by the Pony botnet and recovered the passwords from there.
"We have reached out to the major service providers affected and they are taking steps to inform their users or remediate the compromised accounts," Ross told Mashable.
Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%).
A Facebook spokesperson told Mashable the company has already reached out to those with compromised accounts.
"While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers," a Facebook spokesperson told Mashable.
"As a precaution, we've initiated a password reset for people whose passwords were exposed."
"As a precaution, we've initiated a password reset for people whose passwords were exposed."
Facebook added that its users can protect themselves when using the site by activating login approvals and login notifications in their security settings.
"[These users] will be notified when anyone tries to access their account from an unrecognized browser and new logins will require a unique passcode generated on their mobile phone," the Facebook spokesperson said.
Yahoo also said it implemented password resets on accounts to protect users.
"It’s likely that [user] systems had out-of-date browsers or operating systems," a Yahoo spokesperson said.
We urge our users to keep their systems and applications updated, regularly run anti-virus software and not install programs from untrusted sources. We also encourage our users to set up second sign-in verification so they're notified when someone attempts to log into their account from another device."
To do so, check out Yahoo's video below.
Trustwave also discovered most of the compromised passwords were considered "weak."
"In our analysis, passwords that use all four character types and are longer than 8 characters are considered 'excellent,' whereas passwords with four or less characters of only one type are considered 'terrible,'" Trustwave wrote on its blog. "Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category."
Because the stolen log-in information wasn't posted online, services such as LastPass — which typically offers a tool to see if accounts have been compromised — is unable to do so for this breach. Instead, it advises everyone should use unique, strong passwords for all online accounts.
"If you use the same password on Facebook as you do for your online banking, that is a massive risk and you should update your accounts immediately," LastPass spokesperson Amber Gott said. "A password manager like LastPass can also thwart keyloggers since it autofills data for you on your sites, preventing you from having to type everything in. We also highly recommend using multifactor (two-factor) authentication, like Google Authenticator with LastPass and other online accounts that support it."
Have something to add to this story? Share it in the comments.
Image: Jonathan Nackstrand/Getty Images
Topics: Apps and Software, Facebook, gmail, hackers, LastPass, security, Tech, Twitter, U.S., World
http://mashable.com/2013/12/04/hackers-facebook-twitter-gmail/