Two million social media passwords posted online

Hackers have posted two million passwords online. Here is what to do if you're a victim.

Two million passwords for popular websites such as Facebook, Yahoo, Twitter and LinkedIn have been leaked online.

The data has been stolen using a computer virus, experts at security firm Trustwave have said.

These details have been stolen and uploaded by criminals. And as the information is now on the internet, it poses a huge threat to the security of customer accounts.

Stolen passwords

Researchers at Trustwave discovered the ‘Pony Botnet Controller’ which is run by criminals. It works by sending out a computer virus to obtain security details, which can then be used to access website and email accounts fraudulently.

Among the two million passwords, 1,580,000 were used for logging onto websites, 320,000 were for email accounts and 3,000 were for logging onto a desktop remotely.

The highest percentage of stolen passwords at 57.06% are from Facebook, followed by Yahoo, which accounts for 10.68% and Google at 9.76%, as you can see from the table below.

Two Russian social-networking websites are listed, suggesting that many of the passwords belong to Russian speakers.

In the ninth spot is a payroll service provider. This is alarming as it means the criminals could have accessed payroll records and financial details.

Website

Number of stolen passwords

Overall percentage

Facebook

318,121

57.06%

Yahoo

59,549

10.68%

Google Accounts

54,437

9.76%

Twitter

21,708

3.89%

Google

16,095

2.89%

Odnoklassniki

9,321

1.67%

LinkedIn

8,490

1.52%

Th-th.facebook

8,008

1.44%

Agateway.adp

7,978

1.43%

Vk

6,867

1.23%

The websites on the list of leaked passwords have been informed by Trustwave of the security breach.  

Facebook said it has secured the accounts on the list and it will make sure people affected are informed and directed how to change their passwords.

Compare credit cards with lovemoney.com

Weak passwords

When looking at the passwords on the list, experts at Trustwave discovered a worrying pattern. The majority of the two million were easy to guess words or numbers such as ‘123456’ or ‘password’.

This means criminals are able to access website and email accounts and even our financial details easily and quickly. The table below demonstrates the kind of passwords which were found.

Password

Number on the list

123456

15,820

123456789

4,875

1234

3,135

password

2,212

12345

2,094

12345678

2,045

admin

1,991

123

1,453

1

1,224

1234567

1,170

111111

1,046

How to protect yourself online

Criminals target social networks because they’re a place where people often unwittingly post private information, such as holiday dates.

As many people use the same password for all of their accounts, if a fraudster gets hold of one they are then able to potentially access several email or bank accounts.

The number one rule is not using the same password for every account. When picking a password you should also make sure it's complicated enough that it won’t be guessed, but not so much so that you forget it. It also need to be at least eight characters long with a mix of upper and lower-case letters.

Read How to protect your PINs and passwords

If you think your financial details have been stolen, you can check your credit score online for any fraudulent activity, such as credit cards opened in your name. Thanks to lovemoney.com you can benefit from a 30-day free trial with CreditExpert which will give you an instant picture of what's going on with your credit record.

More on scams:

It's too late to beat the carbon credit scam

The 12 scams of Christmas

Microsoft hacker attack: what you should do now

The growing popularity of the phoney research scam

Online banking: How to stay safe

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.