Hackers Stole 2M Facebook, Google Passwords: How to Protect Your Accounts

PHOTO: Trustwave, an information security company, revealed that 2 million accounts had their passwords compromised.

Any time you logged into Facebook, Google, Twitter, or a host of other popular web services in the past month, there may have been a hacker peering over your digital shoulder, sneaking a peek at your password.

The information security company Trustwave has revealed that the passwords to 2 million different accounts have been compromised. The malware program Pony forwarded the vast majority of the passwords to a central server in the Netherlands.

John Miller, security research manager at Trustwave, said that the hack wasn't due to a flaw in any of those companies' servers. "It was the individual users' computers that had the malware installed on their machine," he told ABC News. He adds that the unnamed hackers were most likely motivated by profit. "These passwords were never publicly posted. We can't say for sure, but [the hackers] were probably going to sell them."

Many of the services whose users were affected have already taken action. "They may not necessarily inform users with an email," said Miller. However, he adds that affected users will be asked to reset their password after logging into their account.

Trustwave analyzed the passwords that were compromised in the hack and saw some of the trends usually associated with bad password security. The most common password was 123456. In addition, nearly half of all passwords used a single character type, such as all lowercase letters or all numbers.

"For a better password, we recommend a mix of uppercase, lowercase, numbers, and special characters," said Miller. "We also recommend using longer passwords of 16 or more characters, as well as using different passwords on different websites."

But even the most secure password wouldn't have been safe from the Pony malware. To that end, Miller said to practice good browsing habits. "Keep your anti-virus software up to date and make sure your browsers are updated and patched to the latest version," he said.

And above all, don't click that suspicious-looking link in your email. "Pony is sent through spam links," said Miller.
