Large Scale Log-In Theft Uncovers Weak Passwords

Password on keyboard

A recent discovery of two million passwords to online accounts is making headlines. Violet Blue of ZDNet reports that a botnet is responsible for stealing users’ passwords to Facebook, Google, Twitter, Yahoo, one of the world’s largest providers of payroll services and more.

Though some have reported that the victims in this password heist are all located in the Netherlands, they’re actually believed to be spread across the globe. The criminal responsible used tactics to disguise his actions and make it look like the victims are all located in the Netherlands, but because of this it’s difficult to tell exactly where the passwords come from.

A tool called a Pony Botnet Controller is recognized as the root of this attack. It’s capable of stealing hundreds of thousands of passwords within only a few days of infection. In this particular infection, more than 1.5-million passwords to website’s were stolen along with 320-thousand email credentials, 41-thousand FTP credentials, 3-thousand remote desktop credentials and 3-thousand Secure Shell credentials.

When passwords are stolen in this manner, it should trigger action from all users regardless of whether they are actual victims. The stolen passwords become common knowledge for hackers. These passwords are used in lists that are part of hacking attempts on all kinds of online accounts. So, while your account may not have been compromised, someone with a similar password may have been, which in turn puts you at risk.

Shockingly, some of the most popular passwords found in this batch of stolen log-ins were extremely rudimentary. Almost 16-thousand of the stolen passwords were “123456”. “Password” was used over 2200 times and ‘admin’ accounted for almost 2000 of the stolen passwords. Overall, some form of the numbers 1 through 9 in order accounted for eight of the top ten most used passwords that were stolen.

This suggests that too many users are still using easy to remember, and incredibly easy to hack passwords for important accounts online. Using these passwords puts sensitive data at a significant risk. So, take this opportunity to create a stronger, original password for all of your accounts before you become a victim in the next attack.

If your computer is infected with malware, or you’d like to improve security to prevent an infection, call Geek Rescue at 918-369-4335.

December 4th, 2013