Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found

Summary: Researchers have uncovered a database where over two million stolen login credentials are being stored. Facebook, Twitter, Google and Yahoo accounts are in the mix.

Researchers have unearthed an online database full to the brim with stolen account information from popular services including Facebook, Yahoo, Twitter and Google.

On Tuesday, the security team at Trustwave's SpiderLabs revealed in a blog post that 1,580,000 usernames and passwords on the server are website accounts, including 318,121 Facebook login credentials, 21,708 Twitter accounts, 54,437 Google-based accounts and 59,549 Yahoo accounts. 320,000 email account credentials were also stolen, and the remaining compromised accounts on the server are FTP accounts, remote desktop details and secure shell accounts.

Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belong to users in the country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials.

[Screenshot. Credit: Spiderlabs]

"A quick glance at the geo-location statistics above would make one think that this attack was a targeted attack on the Netherlands," the researchers said. "Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well."

This, in turn, prevents the researchers from truly knowing which countries were most targeted, if any. In addition, as over 90 countries were accounted for on the list, it shows the cyberattack was global.
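
The skew the researchers describe can be checked mechanically before trusting a per-country breakdown. The Python below is an added example, not code from Trustwave or from this article; the log layout, the addresses (documentation ranges) and the two thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample of (source_ip, geolocated_country) log entries. Addresses
# are RFC 5737 documentation ranges; none of these values come from the report.
SAMPLE_LOG = (
    [("192.0.2.10", "NL")] * 970                        # one NL address
    + [(f"192.0.2.{i}", "NL") for i in range(21, 24)]   # 3 other NL hosts
    + [(f"198.51.100.{i}", "TH") for i in range(1, 11)]
    + [(f"203.0.113.{i}", "DE") for i in range(1, 9)]
    + [(f"203.0.113.{i}", "SG") for i in range(50, 56)]
    + [(f"203.0.113.{i}", "ID") for i in range(100, 104)]
)

def country_share(entries, exclude_ips=frozenset()):
    """Fraction of log entries per country, optionally ignoring some source IPs."""
    counts = Counter(country for ip, country in entries if ip not in exclude_ips)
    total = sum(counts.values())
    if total == 0:
        return {}
    return {country: n / total for country, n in counts.items()}

def flag_relays(entries, min_entries=20, share_threshold=0.5):
    """Map country -> IP for countries whose entries mostly come from one address.

    Such an address is more likely a gateway or reverse proxy than a victim, so
    the country attached to its entries says nothing about where victims are.
    The two thresholds are illustrative assumptions, not values from the report.
    """
    per_country = defaultdict(Counter)
    for ip, country in entries:
        per_country[country][ip] += 1
    relays = {}
    for country, ips in per_country.items():
        total = sum(ips.values())
        top_ip, top_count = ips.most_common(1)[0]
        if total >= min_entries and top_count / total >= share_threshold:
            relays[country] = top_ip
    return relays

if __name__ == "__main__":
    relays = flag_relays(SAMPLE_LOG)
    print("raw share:", country_share(SAMPLE_LOG))
    print("suspected relays:", relays)
    # Entries behind a relay have unknown origin; they are dropped, not reassigned.
    print("share without relays:", country_share(SAMPLE_LOG, set(relays.values())))
```

Dropping the relay's entries does not recover where those victims are; it only stops one address from dominating the ranking.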

The culprit is called the Pony Botnet controller. Version 1.9 of the botnet is powerful spying and keylogging malware which captures passwords and login credentials of infected users when they access applications and Internet sites. The botnet can be built and hosted directly on a website through a CMS control panel, where hooking up to an SQL database will automatically store details harvested from infected users.

The investigation also uncovered terrible password habits of website users. The most common passwords were "123456," "123456789," "1234" and "password." Will we ever learn?

  • Your privacy is stolen every day!

    News alert: If you have been using Facebook or Google products, then your privacy has already been stolen. You may want to consider using privacy-based services such as DuckDuckGo, Ravetree, and HushMail.
  • hackers?

    Sounds like they found the NSA database.
  • bad pass habits

    That is true! We have no privacy at all if we continue to use such passwords as "1234". lol
    Your password is a key to your online accounts; you should protect it if you don't want to get hacked. Always store your passwords on a removable pen drive, so you can remove it when you don't need it. Also always use a password generator website like passsfoxplace.com; here you can generate encrypted passwords. The most important part is that you always use the copy+paste command. That way you never type your password on your keyboard, so you are protected against keyloggers.
    Arthur Major
  • copy & pasting passwords...

    I visited http://passfoxplace.com/ (as above with 2 s's, not 3) and they apparently were having a bad day - no passwords got generated. Anyway, I am about to publish a 14-page white paper on "RATs" (Remote Access Trojans) focusing on those intruders who use MS RDP (Remote Desktop) software to take over totally unsuspecting computer users.

    Wikipedia states that MS RDP began with the XP OS, but "Remote Copy" (& Paste) wasn't installed until Vista was released. Where this is true, my studies show that MS was able to install Remote Copy with SP3. Although I was using MS OS's since 1992, it took me 13 months before I could track down the "beast" that was living in my computer.

    The problem is that key components of RDP software cannot be removed from an MS OS, and I have a strong suspicion that law enforcement entities have "super software" that have super access to Windows machines. This, of course, is fine, except that it can fall into the wrong hands. In any case, C&P doesn't seem very secure as far as very important passwords are concerned.

    My conclusions in the study are that DVD or USB Linux Boot Disks will provide the best security from keyloggers and RATs. The next highest recommendation is to use a Google Chromebook or Chromebox to the widest extent possible. You can find more info at:

    http://www.gliqsecure.info/ and the yet-to-be-published http://www.gliqsecure.info/PageList.html
  • reply to your post

    Interesting studies, but I think for the simple user it is enough to use copy+paste. Also it seems passfoxplace.com resolved the problem on their website.
    Arthur Major