New Database Discovered With 2 Mil. More Stolen Login Credentials

[ritchie58]

Researchers have unearthed an online database full to the brim of stolen account information from popular services including Facebook, Yahoo, Twitter, and Google.

On Tuesday, the security team at Trustwave's SpiderLabs revealed in a blog post that the database contained 1.58 million stolen usernames and passwords. The login credentials were associated with 318,121 Facebook accounts, 21,708 Twitter accounts, 54,437 Google-based accounts, and 59,549 Yahoo accounts. The database also contained approximately 320,000 stolen email account credentials. The remaining number of compromised accounts on the server were FTP accounts, remote desktop details, and secure shells.

(Credit: SpiderLabs)

Demographically, the Netherlands seemed to be targeted the most, as 97 percent of the stolen credentials belonged to users in that country -- followed by Thailand, Germany, Singapore, and Indonesia. The United States accounted for less than 2,000 stolen credentials.

(Credit: SpiderLabs)

"A quick glance at the geolocation statistics above would make one think that this attack was a targeted attack on the Netherlands," the researchers said. "Taking a closer look at the IP log files, however, revealed that most of the entries from NL IP range are, in fact, a single IP address that seems to have functioned as a gateway or reverse proxy between the infected machines and the command-and-control server, which resides in the Netherlands as well."

This, in turn, prevents the researchers from truly knowing which countries were most targeted, if any. In addition, as more than 90 countries were accounted for on the list, it shows the cyberattack was global.

The culprit is called the Pony Botnet controller. Version 1.9 of the botnet is a powerful spy and keylogging type of malware which captures passwords and login credentials of infected users when they access applications and Internet sites. The botnet can be built and hosted directly on a Web site through a CMS control panel, where hooking up to an SQL database automatically will store details harvested from infected users.

The investigation also uncovered terrible password habits of Web site users. The most common passwords were 123456, 123456789, 1234, and simply the word password.

Will we ever learn?

This story originally appeared as "Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found" on ZDNet.

 

CNET article written by: Charlie Osborne, freelance journalist

 

My thoughts: This story is several days old but I thought it important enough to repost here because: It should go without saying but if you have a Facebook, Yahoo, Google or Twitter account it's time to change your password as soon as possible just to be on the safe side!!

[Zurchiboy]

thats pretty bad. I am sure thats not the only one out there.

[ritchie58]

Since the word is out about this Pony Botnet 1.9 I'm sure most AV vendors and security firms are adding this Trojan to their detection signature databases if they haven't already.

 

One bad thing about this type of spyware/keylogging malware is there may be little or no outward signs that your system is infected. "Maybe" your computer might boot up or shut down a little slower, overall system performance might be minimally diminished or web pages take slightly longer to load than usual. Something the average user might not even notice. Another aspect is the process the Trojan is using might be undetectable by normal process monitoring tools such as Windows Task Manager, Process Explorer, Process Lasso, etc... This makes the malware harder to detect and thus remove once your computer is infected.

 

That's why it's always important to make sure to use a good AV (such as Immunet) that is running properly and updated with the newest defs & be very careful which web sites you visit or what links you click on. This "can go a long way" to avoid possibly being infected with many types of malware in the first place!

 

Cheers, Ritchie...