A team of security experts and researchers found that a large trove of passwords and login credentials for Google, Twitter, Facebook, and other accounts had been dumped online for easy taking. The investigators from Trustwave's Spider Labs said the two million passwords and other credentials were stolen using the Pony botnet from computers across the globe.
According to the report, the large botnet may have gained access, in the form of malicious software, to the computers of unsuspecting users in more than 100 countries. Botnets are networks of computers that cybercriminals use to steal huge volumes of data, which is then sold to others or held for ransom.
The security firm detailed its findings in a blog post. The team reported that the Pony botnet version 1.9 was able to rake in credentials for 1.58 million website logins; 320,000 email accounts; 41,000 FTP accounts; 3,000 remote desktops; and 3,000 secure shell accounts. The botnet captures the information when users access websites or applications from an infected computer. The harvested credentials are then saved into a database.
The compromised website logins include 318,121 Facebook accounts; 59,549 Yahoo accounts; 54,437 Google accounts; and 21,708 Twitter accounts.
"As one might expect, most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc.," the Spider Labs team stated. "Another interesting item on the list is the payroll service provider adp.com. It is only natural to have such domains in the mix, but it is surprising to see it ranked #9 on the top domains list. Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions."
The geolocation breakdown revealed that users in the Netherlands were heavily targeted, with 97.17 percent of the stolen passwords coming from the country. Thailand, Germany, Singapore, and Indonesia were also at the top of the list. Only around 2,000 credentials were stolen from computer users in the United States.
The security experts also looked into the quality of the passwords that were compromised.
"Since we couldn't think of anything to do with two million credentials for popular websites, social media, and email accounts; we decided to make some use of the quantity to look into users' password selection habits. Unfortunately, the most commonly used passwords were far from what your CISO would like to see," the team from Spider Labs stated.
The top 10 passwords listed included "123456" (15,820 entries); "123456789" (4,875); "1234" (3,135); and "password" (2,212). Based on the length and characters used, the team classified only 5 percent of the passwords as strong, 6 percent as terrible, 28 percent as medium, and 17 percent as good.