2,000,000 passwords stolen, posted for Facebook, Twitter, Google, others
Over 2,000,000 passwords for social networks and logins on Facebook, Twitter, LinkedIn, Yahoo, and Google have been stolen and posted online, according to the BBC (and now various other sources who have re-published the news).
The posted passwords were discovered by security firm Trustwave on Tuesday, and security experts told the BBC they suspect the uploading was done by a "criminal gang".
"We don't know how many of these details still work," said Graham Cluley, a security researcher, to the British news service. "But we know that 30 to 40 per cent of people use the same passwords on different websites.
"That's certainly something people shouldn't do."
Trustwave's Spider Labs said the most commonly stolen passwords are the easiest ones to guess and the ones that use only one or two types of characters – the types being numbers, letters, and special characters like ?, $, and !.
Weak – and therefore vulnerable – passwords include entries like "12345" or "password."
On its blog, Trustwave wrote that, while the attack originally appeared to be targeted (mainly) at IP addresses and accounts in the Netherlands, they now believe it's actually far more international than that.
"Looking at the very bottom of image, we can see that there are 92 more countries that are not shown on the list above, indicating that the attack is fairly global and that at least some of the victims are scattered all over the world," Trustwave wrote on its Spider Labs blog on Tuesday.
The Huffington Post also quoted spokespeople for Facebook and Twitter saying they have taken precautions to limit the possible damage done by Tuesday's news.
"We immediately reset the passwords of the affected accounts," someone at Twitter told the Huffington Post.
Facebook also urged its users to take it upon themselves to protect the security of their accounts, and said users can help protect themselves by activating both their Login Approvals and their Login Notifications.
"Facebook takes people's information security extremely seriously and we work hard to protect it," said a spokesperson for the company, again to the Huffington Post. "While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their web browsers."
"If you recognize your favorite password here, it's really time to pick something else," BI wrote.