Facebook, Twitter and Google users have 2m passwords stolen

Researchers from Trustwave SpiderLabs confirm discovery of massive haul of login data.


A botnet server containing two million passwords for Facebook, Yahoo, Google, Twitter and LinkedIn has been uncovered by the research team at Trustwave SpiderLabs.

The account credentials were reportedly stolen using the Pony Botnet Controller, which has been used in the past to steal passwords for websites, email accounts and FTP resources before passing them back to an unknown third party.

Trustwave researchers have been tracking the botnet's progress since its source code was first leaked in the wild, and have described the findings of this latest haul in a blog post.

After discovering the server, the team gained access to its administrator's dashboard, which allowed them to gain an insight into the number and type of details stolen.

"As one might expect, most of the compromised web log-ins belong to popular websites and services, such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc," the blog states.

Login details for two Russian social networks and payroll service provider ADP.com were also found.

"Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," the blog post added.

The researchers said the data initially suggested the Pony Botnet Controller was being used to facilitate a targeted attack on web users in the Netherlands, but that is no longer thought to be the case.

"Taking a closer look at the IP log files...revealed that most of the entries from [the Netherlands] are in fact a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the Command-and-Control server, which resides in the Netherlands as well," the post continues.

"This technique of using a reverse proxy is commonly used by attackers in order to prevent the Command-and-Control server from being discovered and shut down.

"While this behaviour is interesting in itself, it does prevent us from learning more about the targeted countries in this attack, if there were any," it adds.  

In a further blog post, IT security expert Graham Cluley said the login details may have been used by cybercriminals to access people's accounts or sold on elsewhere for profit.

"What's happened here is clear. Innocent users' computers have become infected with malware, which grabbed login details as they were entered by users," he wrote.

"This data was then transmitted to the cybercriminals either so they could access the accounts themselves or (more likely) sell on the details to other online criminals."
