Hackers have posted two million passwords online. Here is what to do if you're a victim.
Two million passwords for popular websites such as Facebook, Yahoo, Twitter and LinkedIn have been leaked online.
The data has been stolen using a computer virus, experts at security firm Trustwave have said.
These details have been stolen and uploaded by criminals. And as the information is now on the internet, it poses a huge threat to the security of customer accounts.
Stolen passwords
Researchers at Trustwave discovered the ‘Pony Botnet Controller’ which is run by criminals. It works by sending out a computer virus to obtain security details, which can then be used to access website and email accounts fraudulently.
Among the two million passwords, 1,580,000 were used for logging onto websites, 320,000 were for email accounts and 3,000 were for logging onto a desktop remotely.
Facebook accounts for the largest share of the stolen passwords at 57.06%, followed by Yahoo at 10.68% and Google at 9.76%, as you can see from the table below.
Two Russian social-networking websites are listed, suggesting that many of the passwords belong to Russian speakers.
In the ninth spot is a payroll service provider. This is alarming as it means the criminals could have accessed payroll records and financial details.
| Website | Number of stolen passwords | Overall percentage |
|---|---|---|
| Facebook | 318,121 | 57.06% |
| Yahoo | 59,549 | 10.68% |
| Google Accounts | 54,437 | 9.76% |
| | 21,708 | 3.89% |
| | 16,095 | 2.89% |
| Odnoklassniki | 9,321 | 1.67% |
| | 8,490 | 1.52% |
| Th-th.facebook | 8,008 | 1.44% |
| Agateway.adp | 7,978 | 1.43% |
| Vk | 6,867 | 1.23% |
The websites on the list of leaked passwords have been informed by Trustwave of the security breach.
Facebook said it has secured the accounts on the list and it will make sure people affected are informed and directed how to change their passwords.
Weak passwords
When looking at the passwords on the list, experts at Trustwave discovered a worrying pattern. The majority of the two million were easy-to-guess words or numbers such as ‘123456’ or ‘password’.
This means criminals are able to access website and email accounts and even our financial details easily and quickly. The table below demonstrates the kind of passwords which were found.
| Password | Number on the list |
|---|---|
| 123456 | 15,820 |
| 123456789 | 4,875 |
| 1234 | 3,135 |
| password | 2,212 |
| 12345 | 2,094 |
| 12345678 | 2,045 |
| admin | 1,991 |
| 123 | 1,453 |
| 1 | 1,224 |
| 1234567 | 1,170 |
| 111111 | 1,046 |
How to protect yourself online
Criminals target social networks because they’re a place where people often unwittingly post private information, such as holiday dates.
As many people use the same password for all of their accounts, if a fraudster gets hold of one they are then able to potentially access several email or bank accounts.
The number one rule is not to use the same password for every account. When picking a password you should also make sure it's complicated enough that it won’t be guessed, but not so complicated that you forget it. It also needs to be at least eight characters long with a mix of upper and lower-case letters.
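The rules above can be checked mechanically. The following is an added example, not part of the original article: it audits a set of account passwords for reuse, for the passwords in the article's table, and for the length and letter-case rules. The account names and passwords in SAMPLE are constructed, and the extra check for repeated characters and runs of consecutive digits is an assumption that generalises the patterns seen in the table.

```python
from collections import defaultdict

# Passwords listed in the article's table of most common leaked passwords.
COMMON = {"123456", "123456789", "1234", "password", "12345", "12345678",
          "admin", "123", "1", "1234567", "111111"}

def is_trivial_pattern(pw):
    """Assumed extra check: one repeated character or a run of consecutive digits."""
    if len(set(pw)) == 1:
        return True
    if pw.isdigit():
        steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
        return steps in ({1}, {-1})
    return False

def check_password(pw):
    """Return the list of the article's rules that pw breaks (empty if none)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("on the leaked common-password list")
    elif is_trivial_pattern(pw):
        problems.append("trivial pattern")
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower-case letters")
    return problems

def audit(accounts):
    """Map each account to its problems, including reuse across accounts."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    report = {}
    for account, pw in accounts.items():
        problems = check_password(pw)
        others = [a for a in by_password[pw] if a != account]
        if others:
            problems.append("reused on: " + ", ".join(sorted(others)))
        report[account] = problems
    return report

# Constructed sample data: account name -> password.
SAMPLE = {"social": "123456", "email": "Harbour-Lantern-42",
          "payroll": "Harbour-Lantern-42", "forum": "654321"}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "ok")
```

A password that passes every individual rule is still flagged when it appears on more than one account, which is the case the article calls the number one rule.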
If you think your financial details have been stolen, you can check your credit score online for any fraudulent activity, such as credit cards opened in your name. Thanks to lovemoney.com you can benefit from a 30-day free trial with CreditExpert which will give you an instant picture of what's going on with your credit record.