Facebook and Twitter hackers steal passwords for 2m social media accounts

REVEALED: The haunting final words of researcher who set himself on fire outside Trump trial - ranted about Peter Thiel, Bill Clinton and crypto before torching himself in front of courthouse
Mom and four teenage girls renting an eerie Airbnb in rural Kentucky reveal why they left early after 'unsettling' discovery
Kitty set out to have casual sex for a year to see if women really can have no-strings liaisons. What she discovered was the horrifying reality of how men now believe they can treat women in the bedroom
Fears of war recede as Iran vows NOT to hit back over Israel strike... but Netanyahu's surgical attack angers his Right-wing ministers, who wanted him to go 'berserk'
Megyn Kelly reveals who she voted for in 2020: 'I really wrestled with it'
'You smokеd, then ate seven bars of chocolate': The 10 WORST lyrics in Taylor Swift's new album - ranked! As fans slam her for being cringe and uninspired, KARA KENNEDY says this record is more tortured than poet
Tucker Carlson says UFOs are piloted by 'spiritual entities' with bases 'under the ocean and the ground'
Remains of extinct human species that died thousands of years ago found in kitchen floor tiles
REVEALED: Man who set himself on fire outside Trump trial had JUST finished 180 days probation over spate of troubling incidents
REVEALED: Protestor's unhinged posts about Taylor Swift before he set himself alight outside Trump's hush money trial in New York City
PICTURED: The 37-year-old who set himself on FIRE outside Trump hush-money trial in front of horrified world media - as cops say he's SURVIVED initial self-immolation and is in critical condition
'An active shooter... no a man's set fire to himself!' Horrifying moment CNN hosts watch on as protester self-immolates and describes his blazing body shaking while 'engulfed in total flames'
Shock poll reveals what Americans really think about criminals slipping into the US
'Nothing surprises him anymore': Matt Healy's family respond to rumors Taylor Swift's savage track The Smallest Man Who Ever Lived is about him - and insist he is 'very happy in his new relationship'
What Taylor Swift drama? Kim Kardashian shares snap with pals and plugs American Horror Story after singer dropped TWO diss tracks against her on new album The Tortured Poets Department
Taylor Swift's song Florida!!! gets bizarre 'oddities' credit for Emma Stone on The Tortured Poets Department - as singer reveals track's inspiration is 'wanting a new life' amid heartbreak
Enough of the Swift scourge! MAUREEN CALLAHAN slams Taylor as a money-grabbing, narcissistic, wannabe poetess and says this intellectually stunted, clichéd new album commits the worst sin of all
Taylor Swift's The Tortured Poets Department behind-the-scenes! Jack Antonoff shares new photos of the star hugging Florence Welch as he details process of making her 11th album
Taylor Swift praised for 'hauntingly beautiful' new song Clara Bow by late silent movie star's family... but they admit they have NOT been able to 'successfully connect' with her team
Taylor Swift has 'humiliated' Kim Kardashian with The Tortured Poets Department diss track 'thanK you aIMee' - but there's a reason the reality star WON'T fire back at the singer
As Taylor Swift says she's a 'functioning alcoholic' in lyrics on new album, how pop star went from clean-cut country girl that never drank to music filled with booze and drug references
Formula One fans claim Taylor Swift had a dig at Fernando Alonso in her new album 'The Tortured Poets Department' after singer's rumored romance with the Spaniard last year
I was diagnosed with stage 3 colon cancer at 34 despite being in best shape of my life - don't ignore the embarrassing symptom I did
Bartender reveals the 'number one' rule customers should NEVER break when going out for drinks: 'Save yourself the embarrassment'

Hackers possibly compromised 326,000 Facebook accounts; 60,000 Google accounts; 59,000 Yahoo accounts and 22,000 Twitter accounts
Stolen credentials were found on served used to control network of hacked computer called 'Pony botnet'
Victims were from the U.S., Germany, Singapore and Thailand
Facebook and Twitter said the companies have reset the passwords of affected users
Nearly 16,000 hacked accounts used password '123456'

Published: 21:28 EDT, 4 December 2013 | Updated: 08:55 EDT, 5 December 2013

e-mail

Security experts have uncovered a cache of some 2 million pilfered passwords to popular social media websites including Facebook, Google, Twitter and Yahoo from Internet users across the globe.

Researchers with Trustwave's Chicago-based SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cyber criminals use to control a massive network of hacked computers known as the ‘Pony botnet.’

The company said Wednesday that it has reported its findings to the largest of more than 90,000 websites and Internet service providers whose customers' credentials it had found on the server.

'Dislike': Hackers stole usernames and passwords to more than 326,000 Facebook Inc accounts

The data includes more than 326,000 Facebook Inc accounts; some 60,000 Google Inc accounts; more than 59,000 Yahoo Inc accounts and nearly 22,000 Twitter Inc accounts, according to SpiderLabs.

How to build a better password:

Use mix of capital and lowercase letters and make passwords at least 8 characters long
Use combination of letters, numbers and symbols like exclamation mark
Do not use words found in the dictionary
Avoid easy-to-guess words, even if they aren’t in the dictionary
Do not use your name, company name or hometown, pets and relatives' names
Stay away from birthday dates and zip codes that can be looked dup

Victims were from the U.S., Germany, Singapore and Thailand, among other countries, with the Netherlands at the top of the list.

Representatives for Facebook and Twitter said the companies have reset the passwords of affected users, but there were no word from Goggle or Yahoo.

'Facebook takes people’s information security extremely seriously and we work hard to protect it,' a statement from the company read. 'While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their Web browsers.'

SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down the rogue Pony botnet server.

An analysis posted on the SpiderLabs blog showed that the most-common password in the set was ‘123456,’ which was used in nearly 16,000 accounts.

Other commonly used credentials included ‘password,’ ‘admin,’ ‘123’ and ‘1.’

Under attack: Log-in information has been stolen for 60,000 Google accounts and more than 59,000 Yahoo accounts

Nearly 22,000 Twitter accounts were caught up in the hacking, which has been going on since late October

Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.

‘People are using very dumb passwords. They are totally useless,’ he said.

Researchers at the security company Trustwave analyzed the passwords compromised and found that only 5 per cent were excellent and 17 per cent were good. The rest were moderate or worse

CNN Money reported that the virus was installed in late October on an untold number of computers around the globe to net in credentials and then send them to a server controlled by the hackers.

Late last month, cyber security experts found the server in the Netherlands jam-packed with usernames and passwords for more than 93,000 sites.

Trove: Cyber security experts found a rogue server in the Netherlands filled with usernames and passwords for more than 93,000 sites

Besides Twitter and Facebook, the hackers potentially compromised accounts on the Russian social media forum Odnoklassniki, LinkedIn and also ADP, which is used by numerous companies to manage payroll.

‘We don't have evidence they logged into these accounts, but they probably did,’ said John Miller, a security research manager at Trustwave.

Facebook Twitter