
Security Researchers Uncover 2 Million Stolen Passwords


Trustwave researchers recently accessed a server storing almost two million user names and passwords for Facebook, Twitter, Google, Yahoo, LinkedIn and several other sites (h/t Graham Cluley).

Specifically, the server, which was controlling an instance of the Pony botnet, held 1,580,000 Web site login credentials, 320,000 e-mail account credentials, 41,000 FTP account credentials, 3,000 Remote Desktop credentials, and 3,000 Secure Shell account credentials.

The researchers note that while Facebook credentials may be high-profile, the server also held almost 8,000 login credentials for payroll service ADP, which would likely have more direct financial repercussions for the victims than a breach of a social networking site.

A list of the 10 most common passwords found on the server indicates once again that most people aren't exercising caution in selecting a password -- "123456" was the most popular, followed by "123456789," "1234," and "password."
