A server was found with two million passwords to social network sites, web-based email and other services, including Facebook (318,000), Yahoo! (60,000), Google (54,000), Twitter (21,000) and LinkedIn (8,000).
The passwords seem to come from computers in the Netherlands, Thailand, Germany, Singapore and Indonesia.
Those passwords were collected by a network of zombies (botnet) infected with a keylogger, a small program that records whatever a user types into a computer.
This is just another batch of passwords in the public hands. During the last year we’ve seen account information (including encrypted passwords) leaked from Adobe (152 million!), Gawker (532,000), Yahoo! (453,000) and Sony (37,000).
Even if the service you use encrypts passwords, there are still ways of finding out what they are (including statistical analysis and plain brute force). Just look at the blog post “Adobe credentials and the serious insecurity of password hints” to see how easy it can be for someone to recover passwords when millions of records are available.
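Why statistical analysis works against a leaked table: when a service transforms every password deterministically (no per-user salt), identical passwords produce identical stored values, so an analyst can cluster accounts and correlate hints across them. The added example below (not code from the original post) contrasts that with a salted PBKDF2 scheme on a constructed sample of passwords; the password list and function names are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import List, Optional

# Constructed sample of user passwords, with the repetition typical of a real
# user base (a few passwords chosen by many people).
SAMPLE_PASSWORDS = ["123456", "123456", "password", "123456", "qwerty", "password"]


def deterministic_store(password: str) -> str:
    # Unsalted SHA-256 stands in for any deterministic transform (an unsalted
    # hash or an ECB-mode block cipher): same input, same output, for every user.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_store(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    # PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per record, stored as
    # "iterations$salt$digest" so verification can reproduce the computation.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking the digest through timing.
    return hmac.compare_digest(digest.hex(), digest_hex)


def largest_cluster(stored_values: List[str]) -> int:
    # Size of the biggest group of identical stored values: the number of
    # accounts exposed at once by learning any one password in that group.
    return max(Counter(stored_values).values())


def compare_schemes(passwords: List[str] = SAMPLE_PASSWORDS) -> dict:
    deterministic = [deterministic_store(p) for p in passwords]
    salted = [salted_store(p) for p in passwords]
    return {
        "deterministic_largest_cluster": largest_cluster(deterministic),  # 3
        "salted_largest_cluster": largest_cluster(salted),                # 1
    }
```

With the deterministic scheme, the three users who chose "123456" share one stored value, so a hint from any of them applies to all; with per-record salts, every stored value is distinct and each account has to be attacked on its own.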
You should change passwords every few weeks or months, and to be on the safe side you should always use a different password for each service. Also, if a service offers a second form of authentication (a security token, or a code via SMS or email), use it.
Troy Hunt has just created a new site called ‘;--have i been pwned? where you can enter your email address to check whether it shows up in any of these “treasure chests”.