Home » Internet » social Media » 2 Million Passwords Stolen By Pony Botnet: Protect Yours Now!
Last updated: December 5, 2013 at 13:48 pm

2 Million Passwords Stolen By Pony Botnet: Protect Yours Now!

Spider Labs, an elite team of ethical hackers and investigators from Trustwave Holdings have made a stunning discovery recently: More than 2 million (20 Lakhs) passwords and login credentials of social media users have been hacked. It includes passwords Facebook, Twitter, Google, LinkedIn and more social networks.

This discovery came to light when the servers of Pony Botnet were recently made public. Ever since that, Spider Labs have been digging deep into their servers and finding out the hidden secrets. The comforting part about this discovery is that, these passwords were not stolen from the social networks themselves but from the ignorant users. Malware infected machines of these users were thoroughly exploited by the botnet, and the login credentials were systematically stolen.

The breakdown of the passwords which were stolen by Pony Botnet (For http only) :

Number of Passwords

The inclusion on ADP was surprising as they have important financial data about employees, and this may mean that the hackers had some hidden ‘criminal’ objectives as well. Although the origin of this password stealing botnet hasn’t been revealed but it seems that Russia has a hand in this, as the list also contains users of popular Russian social media networks: vk.com and odnoklassniki.ru

Out of overall 2M passwords stolen, 1.58 mln were website login credentials, 320k email account passwords, 41k were FTP passwords, 3k were desktop credentials and 2k were shell account credentials.

RELATED:  Supreme Court Orders Facebook, Google, Microsoft To Block Rape Videos Circulating On Their Platforms

A botnet is a huge network of inter-connected programs, which collaborate to perform some well defined tasks. The objective and purpose of these tasks can sometime be illegal as well, depending on the person who has initiated these botnets and controlling them. Some of the common illegal operations performed by these botnets can be sending spam mail, participate in denial of service attacks and even stealing crucial information from Internet users such as bank details and passwords.

Pony Botnet specifically used reverse proxy to avoid detection, which further fueled the operations. All the outgoing traffic showed a proxy IP, which can be taken down any moment and replaced with another proxy.

The most interesting part:

Almost 16,000 social media accounts had set their password as “123456” which made this whole stealing process more easy! 2000+ people had used “password” as their password and 1991 used “admin”.

Here is the list of Top 10 passwords used among all the stolen ones:

List of top 10 passwords

Spider Labs said that only 5% of all stolen passwords were actually strong: 8 characters long and using all 4 types of characters.

To avoid such malware infected programs in your PC and to stop such password hacking botnets, you are strongly recommended to follow the symptoms which can reveal whether your PC is infected with malwares or not. And, always use a good anti-virus software.

RELATED:  WhatsApp is Adding a New Feature to Edit and Revoke Sent Messages, Exactly like Recalling Emails

But before that, it’s time to change your passwords for all social media accounts. 2 million passwords and user-ids are out there, in the open.

1 Comment

Click here to post a comment

Indian Startup Funding Investment Chart List 2016

Check out our Youtube Channel!

Indians Downloaded 6 Billion Apps in 2016; Beat USA in App Downloads!

India is becoming an important destination for Google, and this has once again been proven by the do…

Jio Witnesses Data Speed Increase by 2X, Now Averages 9.9 Mbps

There is a good news for all Jio subscribers. According to TRAI MySpeed portal, Jio speeds have incr…

Daily Tech Wrap #1: Uber Fare Rise, Nokia 6 Launch, Sub-2k Smartphone, Aadhaar Numbers & More...

We are starting a new daily Tech Wrap series that bring you the most happening stories of the day in…

BHIM Payments App Sets Download Records, But the App Has Many Issues!

BHIM or Bharat Interface for Money was launched by Government on 30th December 2016, and within 5 da…

Subscribe to Our Youtube Channel

who's online