A massive Pony malware botnet successfully stole 2 million passwords from users of popular online accounts like Facebook, Google, Yahoo, Twitter and LinkedIn.
According to media reports, this automated hack, which has been going on for the past month, was unearthed by web security firm Trustwave. Abby Ross, a spokesperson for Trustwave, went into more detail about the hack with Mashable: “Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers, as well as by capturing them when they are used to log into web services.”
It is widely believed a criminal cyber gang was responsible. Two of the websites where passwords were stolen were popular Russian social networks, vk.com and odnoklassniki.ru, and the data cache that was uncovered was written in Russian.
There are numerous potential financial repercussions. If any of the users’ passwords are the same as the login details for their online banking, store or credit card accounts, the cyber gang gains access to people’s finances. Rather disturbingly, payroll service provider adp.com (Automatic Data Processing, Inc. – ADP), which moves $1.4 trillion around in payroll and other transactions every year, was number 9 on the list of top domains.
Equally shocking, if this random group of two million is indicative of the population as a whole, is the high percentage of poor-quality passwords Trustwave uncovered. Six percent were ranked as terrible, 28 percent merely bad, and 44 percent of medium strength. Only 22 percent (17% good and 5% excellent) could be classed as strong.
Trustwave explained that, “In our analysis, passwords that use all four character types and are longer than 8 characters are considered “Excellent”, whereas passwords with four or less characters of only one type are considered “Terrible”. Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good.”
Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%). The geographic spread was worldwide, with no one country being targeted. The server that was found and taken over was located in the Netherlands, although that is not believed to be the country where the attack originated.
All affected parties (both web companies and end users) have been contacted and password resets are taking place. Spokespersons for Facebook, Yahoo and others affected urge users to set strong passwords.