2 Million Gmail, Facebook and Twitter Accounts Reportedly Compromised In Pony Botnet Hack

Here's a bit of news that's far from deserving of a "Giddyup!": Thanks to the work of a botnet called "Pony", hackers have gained access to credentials for over 2 million individual accounts. These accounts span the entire gamut: Facebook, Twitter, Google (Gmail), and even a payroll service provider - perhaps the most dangerous of them all.

Pony works as a keylogger, capturing login details as users type them in. In this particular instance, the transactions end up going through a central server in the Netherlands, one that security analysis firm Trustwave has been tracking. After discovering all of the accounts that Pony had been exploiting, the firm notified the biggest companies in question, and prepared some in-depth analysis of just what it was that the botnet gathered, and from where.

Of the user credentials stolen, 1.58 million were website logins, while 320,000 were for email. Further, 41,000 FTP, 3,000 remote desktop, and 3,000 secure shell credentials were also taken.

The leader of the pack here was Facebook, with a staggering 318,000 accounts compromised; Yahoo!, by contrast, placed second, with 59,000. Clearly, these 2 million accounts encompass a wide variety of websites.

When analyzing the geo-location stats, it was discovered that the vast majority of credentials were routed through the Netherlands - something that was expected, given Trustwave's focus on a particular server there. Other countries might as well not even rank.

Whenever credentials get leaked en masse from a breach like this, passwords are often something that are looked at simply because they're sure to trigger  a head-scratching. This case is no exception. About 16,000 people used the password "123456", and 2,200 used "password". Further, the number of people who used multiple character-types in their passwords is, as expected, far too low.

The thing to note about this data-gathering effort is that this is just one operator. Pony's source code has been floating about, which means there are sure to be other operators around the globe taking advantage of it as well - a scary thought.

Via:  Spiderlabs
Comments
ShannonDianneDaves 11 months ago

This is a scary situation. Most people have their bank accounts tied to an email. Most likely they also have "liked" their banking and investment institutions on Facebook. I hope this issue is addressed quickly. With the release of this information, users need to change their passwords to online accounts. Of course, none of the companies will say who's account was hacked or notify the users of accounts that were.

Joseph Pianta 11 months ago

Companies are not going to know if 'you' got a key-logger virus on 'your' computer.

Don't goto unfamiliar sites or download software that says its free from odd sites. don't download porn. update your computer's anti-virus and mal-ware software regularly. Keep your computer's Operating System updated. And don't use common passwords. I use LastPass also and make the max number of characters spots or at least 25-30 spaces... and change them often too.

JMeloni 11 months ago

haha

KOwen 11 months ago

i use last pass to create and securely store all my passwords. I don't even trust chrome to save my information. "12345...that's the same combination I use on my luggage!" - spaceballs

CDeeter 11 months ago

Lovely

CraigRhudy 11 months ago

Had a "suspicious login" on my Google account earlier. Got it under control though

digitaldd 11 months ago

Pony botnet or pwny botnet?

MichaelMarch 11 months ago

Looks like a brute force password tumbling attack. So yes, if your password to Gmail is password or 123456789. Then, Ya... Your account is owned by other people other than yourself.

MichelleLynn 11 months ago

Use a password manager like Roboform!

Philip Fry 11 months ago

This is actually exactly why I just started using a password manager, to generate unique passwords for all of my various accounts, I found a deal for a free year of RoboForm Everywhere and couldn't pass it up.

http://www.roboform.com/lp?frm=securityspecial

ArgieLacerna 11 months ago

Patay..! Nbisto..?

interauth 11 months ago

Passwords are truly a pain from the past. We are seeing some interesting development, like FIDO (http://www.fidoalliance.org/) which could truly change things in a long run.

InterAuth was launched a while ago to make life a bit easier already with the existing "legacy" systems.

https://www.interauth.com

Post a Comment
or Register to comment