Spider Labs, an elite team of ethical hackers and investigators from Trustwave Holdings, has made a stunning discovery recently: more than 2 million (20 lakh) passwords and login credentials of social media users have been hacked. The haul includes passwords for Facebook, Twitter, Google, LinkedIn and other social networks.
This discovery came to light when the servers of Pony Botnet were recently made public. Since then, Spider Labs has been digging deep into the servers and uncovering their hidden secrets. The comforting part of this discovery is that these passwords were not stolen from the social networks themselves but from ignorant users. The botnet thoroughly exploited these users' malware-infected machines and systematically stole the login credentials.
The breakdown of the passwords stolen by Pony Botnet (for HTTP only):
The inclusion of ADP was surprising, as it holds important financial data about employees, and this may mean that the hackers had some hidden ‘criminal’ objectives as well. Although the origin of this password-stealing botnet hasn’t been revealed, it seems that Russia has a hand in this, as the list also contains users of the popular Russian social media networks vk.com and odnoklassniki.ru.
Out of the overall 2 million passwords stolen, 1.58 million were website login credentials, 320k were email account passwords, 41k were FTP passwords, 3k were desktop credentials and 2k were shell account credentials.
A botnet is a huge network of interconnected programs that collaborate to perform some well-defined tasks. The objective and purpose of these tasks can sometimes be illegal, depending on the person who has set up the botnet and controls it. Common illegal operations performed by botnets include sending spam mail, participating in denial-of-service attacks and even stealing crucial information from Internet users, such as bank details and passwords.
Pony Botnet specifically used a reverse proxy to avoid detection, which further fueled the operations. All the outgoing traffic showed a proxy IP, which can be taken down at any moment and replaced with another proxy.
The most interesting part:
Almost 16,000 social media accounts had set their password to “123456”, which made this whole stealing process easier! 2000+ people had used “password” as their password and 1991 used “admin”.
Here is the list of Top 10 passwords used among all the stolen ones:
Spider Labs said that only 5% of all stolen passwords were actually strong: 8 characters long and using all 4 types of characters.
To keep such malware-infected programs off your PC and to stop such password-stealing botnets, you are strongly advised to watch for the symptoms that can reveal whether your PC is infected with malware. And always use good anti-virus software.
But before that, it’s time to change your passwords for all social media accounts. 2 million passwords and user-ids are out there, in the open.