Security Researchers Uncover 2 Million Stolen Passwords

Trustwave researchers recently accessed a server storing almost two million user names and passwords for Facebook, Twitter, Google, Yahoo, LinkedIn and several other sites (h/t Graham Cluley).

Specifically, the server, which was controlling an instance of the Pony botnet, held 1,580,000 Web site login credentials, 320,000 e-mail account credentials, 41,000 FTP account credentials, 3,000 Remote Desktop credentials, and 3,000 Secure Shell account credentials.

The researchers note that while Facebook credentials may be high-profile, the server also held almost 8,000 login credentials for payroll service ADP, which would likely have more direct financial repercussions for the victims than a breach of a social networking site.

A list of the 10 most common passwords found on the server indicates once again that most people aren’t exercising caution in selecting a password — “123456” was the most popular, followed by “123456789,” “1234,” and “password.”

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
