Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found

Summary: Researchers have uncovered a database where over two million stolen login credentials are being stored. Facebook, Twitter, Google and Yahoo accounts are in the mix.

Researchers have unearthed an online database full to the brim with stolen account information from popular services including Facebook, Yahoo, Twitter and Google.

On Tuesday, the security team at Trustwave's SpiderLabs revealed in a blog post that 1,580,000 of the usernames and passwords on the server are for website accounts, including 318,121 Facebook login credentials, 21,708 Twitter accounts, 54,437 Google-based accounts and 59,549 Yahoo accounts. 320,000 email account credentials were also stolen, and the remaining compromised accounts on the server are FTP accounts, remote desktop details and secure shell accounts.

Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belong to users in the country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials.

"A quick glance at the geo-location statistics above would make one think that this attack was a targeted attack on the Netherlands," the researchers said. "Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well."

This, in turn, prevents the researchers from truly knowing which countries were most targeted, if any. In addition, as over 90 countries were accounted for on the list, it shows the cyberattack was global.
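The skew the researchers describe can be checked directly on an IP log. The following is an added example, not code from Trustwave or the original article: it flags any single address that supplies most of a country's entries and re-ranks countries by distinct source IPs. The log layout, the thresholds and the sample addresses (documentation ranges) are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: (source_ip, country) pairs as a controller's IP log
# might record them. Addresses come from documentation ranges (RFC 5737).
SAMPLE_LOG = (
    [("192.0.2.10", "NL")] * 95            # one address, many entries
    + [("192.0.2.21", "NL"), ("192.0.2.22", "NL")]
    + [("198.51.100.%d" % i, "TH") for i in range(1, 9)]
    + [("203.0.113.%d" % i, "DE") for i in range(1, 6)]
)


def country_stats(log):
    """Return {country: (entries, distinct_ips, top_ip, top_ip_share)}."""
    per_country = defaultdict(Counter)
    for ip, country in log:
        per_country[country][ip] += 1
    stats = {}
    for country, ips in per_country.items():
        total = sum(ips.values())
        top_ip, top_count = ips.most_common(1)[0]
        stats[country] = (total, len(ips), top_ip, top_count / total)
    return stats


def suspected_gateways(log, share=0.5, min_entries=20):
    """IPs that alone supply more than `share` of a country's entries."""
    return {
        top_ip: country
        for country, (total, _, top_ip, top_share) in country_stats(log).items()
        if total >= min_entries and top_share > share
    }


def distinct_ip_ranking(log):
    """Rank countries by distinct source IPs instead of raw entry counts."""
    stats = country_stats(log)
    return sorted(((s[1], c) for c, s in stats.items()), reverse=True)


if __name__ == "__main__":
    for country, (total, distinct, top_ip, top_share) in country_stats(SAMPLE_LOG).items():
        print(f"{country}: {total} entries, {distinct} IPs, top {top_ip} = {top_share:.0%}")
    print("suspected gateways:", suspected_gateways(SAMPLE_LOG))
    print("by distinct IPs:", distinct_ip_ranking(SAMPLE_LOG))
```

Entries relayed through a gateway still hide where the infected machines really are, so the distinct-IP ranking only removes the skew; it does not recover the true distribution.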

The culprit is called the Pony Botnet controller. Version 1.9 of the botnet is powerful spying and keylogging malware that captures the passwords and login credentials of infected users when they access applications and Internet sites. The botnet can be built and hosted directly on a website through a CMS control panel, where hooking up to an SQL database will automatically store details harvested from infected users.

The investigation also uncovered terrible password habits of website users. The most common passwords were "123456," "123456789," "1234" and "password." Will we ever learn?

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli...