Facebook, Google Passwords Stolen, Published Online

An online posting has exposed more than two million passwords, most of which were stolen from Google and Facebook users. The theft appears to have been made using a malicious keylogger program.

The posting, which was made in Russian, was discovered by security firm Trustwave Spider Labs. It informed the sites that issued the passwords before publicizing the discovery. It's not yet clear how many of the passwords were still in use when the list was first published, or how many are still in use today.

Just over 1.5 million of the details listed on the site were for website logins. The rest were mainly for email accounts, but there were also several thousand for accounts that let you access a computer remotely, which could pose a particularly serious risk.

Facebook Tops Stolen Password List

More than half the stolen passwords were for Facebook. Others included Yahoo, Google, Twitter, and LinkedIn, plus two popular Russian social networks and a payroll services provider. (Source: spiderlabs.com)

The passwords appear to have been stolen from computers in more than 100 countries. The vast majority are listed as being in the Netherlands, though it appears that's because most of the stolen data was routed through a computer there to hide the attackers' location.

Trustwave believes the passwords were stolen through a network of infected computers known as 'Pony 1.9'. The network was used to control keylogger software, which makes a note of when users visit particular sites and then tracks the username password that they type in, relaying it to the criminals.

It doesn't appear the targeted sites, like Facebook, have done anything wrong. (Source: bbc.co.uk)

Many Still Using Obvious Passwords

The list of passwords shows once again that many people are particularly unimaginative and predictable in choosing details. The most popular password choice was "123456" and five of the six most popular were simply strings of numbers, the only exception being the ever-popular "password."

Trustwave rated the stolen passwords based on their lengthy and the variety of character types, such as lower case or capital letters, numbers, and symbols. It rates five per cent as excellent, 17 per cent as good, 44 per cent as medium, and 28 per cent as bad.

According to Trustwave, the data suggests most people will only make a password as complex as necessary to meet the minimum requirements of the site or service they are using.