Image Credit: Trustwave. This image shows the distribution by site of the stolen passwords.
Some 2 million stolen Facebook and various social media passwords were found to have been hacked, as discovered by security firm, Trustwave. They breakdown the stolen contents as follows:
~1,580,000 website login credentials stolen
~320,000 email account credentials stolen
~41,000 FTP account credentials stolen
~3,000 Remote Desktop credentials stolen
~3,000 Secure Shell account credentials stolen
The team says the information is the product of a large “botnet,” or autonomously controlled group of computers. The Botnet, dubbed “Pony,” has increased in influence, and can steal user’s passwords by logging their every keystroke.
Trustwave said it notified the sites prior to posting their blog. Facebook denied being at fault; they placed the blame on the user machines, which is fair, since there is nothing Facebook can do to prevent people from downloading this type of malware.
Trustwave also showed that many of the passwords were low security. The most popular password was “123456.”
Botnets are a common way for hackers to make money, as they can slowly propagate and gain power, providing the hacker with a wide array of information that they can then choose how to move on, whether it be outright blackmail, or identity theft.
In fact, a website recently came under fire for installing a toolbar on user’s computers that mined Bitcoin, stealing people’s electricity and computing power.