Thursday, December 5, 2013

Hacked: Facebook & Twitter Accounts Compromised In Global Password Hack

Facebook and Twitter have been hacked on a global scale. I know this sounds absurd, but the fact is that both of these networks have been compromised due to the use of simple passwords. This cannot be blamed on a lack of security by Facebook or Twitter. Instead, this one falls directly on the users’ heads.

Trustwave is a Chicago-based company that specializes in cyber security. The company posted to its blog that more than 2 million accounts on the Internet, including some on Facebook and Twitter, have been compromised by the “Pony” botnet controller virus. The virus is a piece of malware that spies on your computer via a keylogging script. It was spread to computers all over the world, leaving many of them exposed to the hack.

Trustwave tracked the activities of the virus to a server in the Netherlands. They managed to do this through an “elite team of ethical hackers,” which successfully traced the information that had been stolen. SpiderLabs, Trustwave’s “hacking division,” said in a blog post last June that some 650,000 sets of website credentials had been stolen. That theft was carried out with Pony version 1.9. However, according to the latest report, this time the theft was a very “stable and consistent operation,” while the report from June described a more “hit and run” setup.

This time around, 1,580,000 website login credentials and 320,000 email logins were stolen through a server in the Netherlands. The server was first spotted on November 24th, and the accounts that have been compromised are numerous.

Here is a breakdown of the numbers:
· Facebook – 318,121
· Yahoo – 59,549
· Google – 54,437
· Twitter – 21,708
· Odnoklassniki (Russian social network) – 9,321
· LinkedIn – 8,490
· ADP (Payroll solutions provider) – 7,798

These accounts were compromised through a lack of personal security on the part of users who chose weak passwords. If your password is “password” or “123456,” then you’re at a much higher risk of being hacked than if you chose “SupercaliFragilisticExpealidocious.” While that might seem a bit over the top, I am sure that the account holders at ADP who found their payroll accounts compromised would disagree with you wholeheartedly.

According to John Miller, a security manager at Trustwave, there was “no evidence” that the hackers actually logged into the accounts. However, he admitted there was no proof otherwise, saying, “but they probably did.”

The bottom line is that if you want to be secure in today’s world, you should choose a password that’s hard to guess. Trustwave has compiled a list of passwords it considers extremely insecure and suggests that users never use them for any online account.

1. 123456
2. 123456789
3. 1234
4. password
5. 12345
6. 12345678
7. admin
8. 124
9. 1
10. 111111

Stay away from these passwords at all costs, and protect yourself from attacks like this one. Trustwave did note that most of the compromised accounts were located in the Netherlands; however, that is not to say someone will not target the U.S. in the next attack.