Around 2 million accounts on sites such as Google, Twitter, Yahoo, Facebook and LinkedIn have been compromised after malware captured login credentials from users worldwide, according to a recent report.
According to web security firm Trustwave, hackers stole user login names and passwords for different sites in the past month with the help of the Pony malware, which makes this a bit different from a typical breach.
“Although these are accounts for online user services such as Facebook, Twitter, LinkedIn and Google, this is not the result of any weakness in those companies’ networks,” said Abby Ross, a spokesman from Trustwave. “PC users got the malware installed on their machines unintentionally and had their passwords stolen.
Pony steals passwords that are stored on the infected users’ computers as well as capturing them when they are used to log into different web services.”
The culprit behind the attack remains unknown. Trustwave wrote on its blog that two of the targets were Russian-speaking social networking sites (vk.com and odnoklassniki.ru), which could be a hint at the malware’s origin.
“The malware was checked and configured so that the majority of the recorded information was sent to a server in the Netherlands,” Ross also said. “The server does not show which countries the information was hacked from, so we cannot identify exactly how many users from each country were affected. However, we can confirm the attackers targeted users worldwide including in the U.S., Germany, Singapore, Thailand and European countries.”
It is also worth noting that the stolen information was never publicly posted online. Trustwave researchers gained access to a command and control server used by the Pony bot and scraped the passwords from there.
“We have got the necessary information to the main service providers affected, and they are taking necessary steps to inform their users or recover the compromised accounts,” Ross told Mashable.
Facebook.com accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%).
A Facebook spokesman told Mashable the company has already reached out to those users with compromised accounts.
“While details of these cases are not yet clear, it appears that general computers may have been scraped by hackers using malware to get information directly from their web browsers,” a Facebook spokesman told Mashable.
“As a safety measure, we’ve initiated a password reset for people whose passwords were exposed.”
Facebook added that users can protect themselves when using the site by activating login approvals and login notifications in their security settings. It has also advised users to use all available security measures while using Facebook.
“Account owners would be mailed/informed when somebody tries to get into their account from an unrecognized browser, and newly installed logins will require a unique code generated on their mobile phone,” the Facebook spokesman said.
Yahoo also said it has implemented password resets on accounts to protect users.
“We found that the users’ PCs had out-of-date browsers or operating systems,” a Yahoo spokesman said.
Yahoo said it urges users to keep their systems and applications updated, run anti-virus software regularly and not install programs from untrusted and automated sources. It also encourages users to set up second sign-in verification so they are notified when someone attempts to log into their account from another computer.
Trustwave also revealed that most of the compromised passwords were “weak.”
“In our in-depth analysis, passwords that use all four character types and are longer than 8 characters are considered preferably ‘excellent’, whereas passwords with four or fewer characters of only one type are considered dangerously ‘terrible’,” Trustwave wrote on its blog. “Unfortunately, there are more risky passwords than excellent ones, more bad passwords than good ones, and the majority, generally, is somewhere in between in the medium categories.”
Because the stolen login information wasn’t posted online, services like LastPass, which typically offers a plugin tool to see if accounts have been compromised, are unable to do so for this breach. That aside, everyone is advised to use unique and strong passwords for all online accounts.
“If you use the same password in Facebook as you also do for your online banking, that is a huge risk and you should change your account detail immediately to different information,” LastPass spokesman Amber Gott said. “Password managers like LastPass can also foil keyloggers since they autofill data for you on your sites, preventing you from typing everything in. We also highly recommend using multifactor (two-factor) authentication, like Google Authenticator, with LastPass and other online accounts which support it.”