Information technology security firm Trustwave reported on Wednesday that over two million stolen passwords from websites including Facebook Inc (NASDAQ:FB), Google Inc (NASDAQ:GOOG) and Yahoo! Inc. (NASDAQ:YHOO) were found posted on a “black hat” website. The exact source and age of the data are not known, but Trustwave said in a blog post that the information had probably been uploaded by a criminal gang. It is very likely that the password data was collected from computers infected with malicious software, probably keystroke-logging malware.
Typical cyber criminal activity
Truistwave’s analysts said their research indicated the passwords had been harvested by a botnet named Pony. The extensive botnet collected information from tens of thousands of infected computers across the globe.
A botnet is a network of computers that are infected by malware without the owner’s knowledge. Cyber criminals can then harvest information from the infected computers. Cyber criminal gangs typically use botnets to steal personal and financial data, data which can be sold or even held for ransom. The Pony botnet was designed to focus on log-in information for popular social networks.
Russian connection
The website where the stolen password data was found was written in Russian. Text on the home page of the site claimed it offered 318,121 username and password combinations for Facebook Inc (NASDAQ:FB) alone. The site also listed username/password combinations for several other social media services, including Google, Yahoo, Twitter and LinkedIn, as well as Russian social media sites VKontakte and Odnoklassniki.
Facebook not at fault
Facebook Inc (NASDAQ:FB) released an email statement emphasizing that the company was not at fault, and that this incident was caused by infected user machines.
“While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers,” according to an email from a Facebook spokesman. “People can help protect themselves when using Facebook by activating Login Approvals and Login Notifications in their security settings. They will be notified when anyone tries to access their account from an unrecognized browser and new logins will require a unique passcode generated on their mobile phone.”
Facebook Inc (NASDAQ:FB) also said all of the users in the database had been notified and prompted to change their passwords.
