My window to the world

More passwords stolen. Rinse, repeat

By Mauricio Freitas, posted: 5-Dec-2013 15:35

A server was found with two million passwords to social network sites, web-based email and other services, including Facebook (318,000), Yahoo! (60,000), Google (54,000), Twitter (21,000) and LinkedIn (8,000).

The passwords seem to come from computers in the Netherlands, Thailand, Germany, Singapore and Indonesia.

Those passwords were collected by a network of zombies (botnet) infected with a keylogger, a small program that records whatever a user types into a computer.

This is just another batch of passwords in public hands. During the last year we’ve seen account information (including encrypted passwords) leaked from Adobe (152 million!), Gawker (532,000), Yahoo! (453,000) and Sony (37,000).

Even if the service you use encrypts passwords, there are still ways of finding out what they are (including statistical analysis and plain brute force). Just look at the blog post “Adobe credentials and the serious insecurity of password hints” to see how easy it can be for someone to find passwords when millions of records are available.
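Why statistical analysis works on a leaked table, shown as an added example that is not from the original post and does not reproduce any breached service's actual scheme. It assumes a hypothetical service that protects every password with one shared key (HMAC stands in for any unsalted, deterministic protection) and compares it with per-user salted PBKDF2; all records, names and the key are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample records (user, password, hint); not real data.
SAMPLE_USERS = [
    ("alice", "123456", "one to six"),
    ("bob", "123456", "numbers"),
    ("carol", "123456", "1-6"),
    ("dave", "sunshine", "weather"),
    ("erin", "sunshine", "opposite of rain"),
    ("frank", "T7#qv!x9Lm", ""),
]
SITE_KEY = b"constructed-site-wide-key"  # assumption: one key shared by all users


def deterministic_protect(password):
    """Weak: the same password always produces the same stored value."""
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).hexdigest()


def salted_protect(password):
    """Better: random per-user salt plus a deliberately slow derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def hints_by_stored_value(users, protect):
    """Group hints under each stored value, as a leaked table allows."""
    groups = {}
    for _user, password, hint in users:
        groups.setdefault(protect(password), []).append(hint)
    return groups


def largest_cluster(users, protect):
    """Number of accounts sharing the most common stored value."""
    counts = Counter(protect(password) for _user, password, _hint in users)
    return counts.most_common(1)[0][1]


if __name__ == "__main__":
    for name, fn in (("deterministic", deterministic_protect),
                     ("salted", salted_protect)):
        print(name, "largest cluster:", largest_cluster(SAMPLE_USERS, fn))
```

With the deterministic scheme, three accounts collapse into one stored value and their hints pile up beside it; with per-user salts every stored value is unique, so popularity and pooled hints reveal nothing.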

You should change passwords every few weeks or months, and to be on the safe side you should always use a different password for each service. Also, if your service offers a second form of authentication (a security token, code via SMS or email), then use it.

Troy Hunt has just created a new site called “';--have I been pwned?” where you can enter your email address to check if it shows up in any of these “treasure chests”.


