Facebook and Twitter have been hacked on a global scale. I
know this sounds absurd, but the fact is that both of these networks have been
compromised due to the use of simple passwords. This cannot be blamed on a lack
of security by Facebook or Twitter. Instead, this one falls directly on the
users’ heads.
Trustwave is a Chicago-based company that specializes in
cyber security. The company posted to its blog that more than 2 million
accounts on the Internet, including some on Facebook and Twitter, have been
compromised by the “Pony” botnet controller virus. The virus is a piece of
malware that spies on your computer via a keylogging script. It was spread
around to computers all over the world, leaving many of them exposed to the
hack.
Trustwave tracked the activities of the virus to a server in
the Netherlands. They managed to do this through an “elite team of ethical
hackers,” which successfully traced the information that had been stolen.
SpiderLabs, Trustwave’s “hacking division,” said in a blog post last June that some 650,000
sets of website credentials had been stolen. This was done
through Pony version 1.9. However, according to the latest report, this
time the theft was a very “stable and consistent operation” while the report
from June described a more “hit and run” setup.
This time around, 1,580,000 website login credentials and
320,000 email logins were stolen through a server in the Netherlands. The
server was first spotted on November 24th, and the accounts that
have been compromised are numerous.
Here is a breakdown of the numbers:
· Facebook – 318,121
· Yahoo – 59,549
· Google – 54,437
· Twitter – 21,708
· Odnoklassniki (Russian social network) – 9,321
· LinkedIn – 8,490
· ADP (Payroll solutions provider) – 7,798
These accounts were compromised because of poor personal
security on the part of users who chose weak passwords. If your password is “password” or “123456,”
then you’re at a much higher risk of being hacked than if you chose “SupercaliFragilisticExpealidocious.”
While that might seem a bit over the top, I am sure that the account holders at
ADP who found their money-managing accounts compromised would disagree with you
wholeheartedly.
According to John Miller, a security manager at Trustwave, there
was “no evidence” that the hackers actually logged into the accounts. However,
he admitted there was no proof otherwise, saying, “but they probably did.”
The bottom line is that if you want to be secure in today’s
world, you should choose a password that’s hard to guess. Trustwave has
compiled a list of passwords it considers to be extremely insecure and
suggests users never use them for any online account.
1. 123456
2. 123456789
3. 1234
4. password
5. 12345
6. 12345678
7. admin
8. 124
9. 1
10. 111111
Stay away from these passwords at all costs, and protect
yourself from attacks like this one. Trustwave did note that most of the
accounts that were compromised were located in the Netherlands; however, that
is not to say someone will not target the U.S. in the next attack.