More than 2 million passwords for sites including Facebook, Yahoo, LinkedIn, Twitter and Google have been stolen and posted online.
Security firm Trustwave has discovered the trove of login credentials, email credentials and passwords, it announced on Tuesday.
Security experts revealed that a criminal gang may be behind the security breach.
The stolen information can be used to extract people's personal information from the websites, which can then be sold.
“Facebook takes people’s information security extremely seriously and we work hard to protect it," a Facebook spokesperson announced. "While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers."
The spokesperson also emphasized that all of the compromised passwords have been put into Facebook's password reset process, and that Facebook users can protect their accounts by activating Login Approvals and Login Notifications in their security settings.
"We immediately reset the passwords of the affected accounts," a spokesperson from Twitter announced.
A Google spokesperson pointed us to a blog post about the ways in which the company combats "account hijackers."
The passwords and credentials were taken from people all over the world, Trustwave finds, and the site where the information was posted is written in Russian.
The stolen passwords are, in general, weak ones. The most popular password that was stolen is "123456," followed by "123456789," "1234" and "password."
No comments:
Post a Comment