Two million compromised accounts have been detected, including more than 1.5 million login credentials.
According to a blog by Trustwave’s SpiderLabs, these were from data leaked from the Pony botnet controller and more than 318,000 were Facebook logins. Other login data related to Yahoo, Twitter and Gmail, as well as Russian social networks.
In total there are users in 92 countries affected, indicating that the attack is fairly global and that at least some of the victims are scattered all over the world.
Brian Spector, CEO of CertiVox, said: “The news that over two million stolen passwords for some of the biggest online services in the world yet again goes to show the inherent vulnerability faced by organisations through the username and password system. If customers haven’t changed their passwords, they could well see their accounts taken over with all manner of potential damage caused.
“This is obviously not an isolated incident and with the sheer scale of the information available, it is high time that organisations everywhere took a second look at the security methods that they employ – what is proven time and again is that username and password security systems are inherently weak, offering a wide range of attack vectors to criminals, along with a valuable harvest of private customer information.
“The fact that many users tend to use the same password across multiple online accounts also means that their accounts for other online services could be under threat, not just the ones details have been leaked for. This coupled with the inherent problems with storing such complete information on one server really adds to the argument that it is time for companies to move beyond username and passwords and find a more secure method.”
Trustwave’s Abby Ross told the Telegraph that individual users had the malware installed on their machines and had their passwords stolen, and this not the result of any weakness in those companies networks.
The Pony botnet control panel was detected and seen by Trustwave, and six months ago it held 650,000 stolen credentials. Ross said that “Pony” malware steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.
“Although many of the accounts stolen in this case are for popular social networking sites such as Facebook, Twitter, and Linkedin, other credentials in the attacker’s collection may be the ultimate objective. Attackers usually seek to compromise social network accounts because they provide a mechanism for further spreading their malware. An attacker who controls your social networking profile can send messages to your contacts with malicious embedded links that will infect their computers. In this way, attackers can spread their botnets from victim to victim through the social network.
Tom Cross, director of security research at Lancope, said: “Although many of the accounts stolen in this case are for popular social networking sites such as Facebook, Twitter, and Linkedin, other credentials in the attacker’s collection may be the ultimate objective. Attackers usually seek to compromise social network accounts because they provide a mechanism for further spreading their malware.
n“An attacker who controls your social networking profile can send messages to your contacts with malicious embedded links that will infect their computers. In this way, attackers can spread their botnets from victim to victim through the social network.”
