CATEGORIES
home Leisure Social And Internet

2 Million Gmail, Facebook and Twitter Accounts Reportedly Compromised In Pony Botnet Hack

by Rob WilliamsWednesday, December 04, 2013, 04:45 PM EDT

Here's a bit of news that's far from deserving of a "Giddyup!": Thanks to the work of a botnet called "Pony", hackers have gained access to credentials for over 2 million individual accounts. These accounts span the entire gamut: Facebook, Twitter, Google (Gmail), and even a payroll service provider - perhaps the most dangerous of them all.

Pony works as a keylogger, capturing login details as users type them in. In this particular instance, the transactions end up going through a central server in the Netherlands, one that security analysis firm Trustwave has been tracking. After discovering all of the accounts that Pony had been exploiting, the firm notified the biggest companies in question, and prepared some in-depth analysis of just what it was that the botnet gathered, and from where.

Of the user credentials stolen, 1.58 million were website logins, while 320,000 were for email. Further, 41,000 FTP, 3,000 remote desktop, and 3,000 secure shell credentials were also taken.

The leader of the pack here was Facebook, with a staggering 318,000 accounts compromised; Yahoo!, by contrast, placed second, with 59,000. Clearly, these 2 million accounts encompass a wide variety of websites.

When analyzing the geo-location stats, it was discovered that the vast majority of credentials were routed through the Netherlands - something that was expected, given Trustwave's focus on a particular server there. Other countries might as well not even rank.

Whenever credentials get leaked en masse from a breach like this, passwords are often something that are looked at simply because they're sure to trigger  a head-scratching. This case is no exception. About 16,000 people used the password "123456", and 2,200 used "password". Further, the number of people who used multiple character-types in their passwords is, as expected, far too low.

The thing to note about this data-gathering effort is that this is just one operator. Pony's source code has been floating about, which means there are sure to be other operators around the globe taking advantage of it as well - a scary thought.

Tags:  Google, Facebook, Gmail, security, Privacy, Twitter, social, NASDAQ:GOOG, (NASDAQ:FB), (NYSE:TWTR)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment