2 Million Gmail, Facebook and Twitter Accounts Reportedly Compromised In Pony Botnet Hack


Top 10 Contributor
Posts 26,727
Points 1,209,055
Joined: Sep 2007
ForumsAdministrator
News Posted: Wed, Dec 4 2013 4:53 PM

Here's a bit of news that's far from deserving of a "Giddyup!": Thanks to the work of a botnet called "Pony", hackers have gained access to credentials for over 2 million individual accounts. These accounts span the entire gamut: Facebook, Twitter, Google (Gmail), and even a payroll service provider - perhaps the most dangerous of them all.

Pony works as a keylogger, capturing login details as users type them in. In this particular instance, the transactions end up going through a central server in the Netherlands, one that security analysis firm Trustwave has been tracking. After discovering all of the accounts that Pony had been exploiting, the firm notified the biggest companies in question, and prepared some in-depth analysis of just what it was that the botnet gathered, and from where.

Of the user credentials stolen, 1.58 million were website logins, while 320,000 were for email. Further, 41,000 FTP, 3,000 remote desktop, and 3,000 secure shell credentials were also taken.

The leader of the pack here was Facebook, with a staggering 318,000 accounts compromised; Yahoo!, by contrast, placed second, with 59,000. Clearly, these 2 million accounts encompass a wide variety of websites.

When analyzing the geo-location stats, it was discovered that the vast majority of credentials were routed through the Netherlands - something that was expected, given Trustwave's focus on a particular server there. Other countries might as well not even rank.

Whenever credentials get leaked en masse from a breach like this, passwords are often something that is looked at simply because they're sure to trigger a head-scratching. This case is no exception. About 16,000 people used the password "123456", and 2,200 used "password". Further, the number of people who used multiple character-types in their passwords is, as expected, far too low.

The thing to note about this data-gathering effort is that this is just one operator. Pony's source code has been floating about, which means there are sure to be other operators around the globe taking advantage of it as well - a scary thought.

Not Ranked
Posts 45
Points 360
Joined: Apr 2013

This is a scary situation. Most people have their bank accounts tied to an email. Most likely they also have "liked" their banking and investment institutions on Facebook. I hope this issue is addressed quickly. With the release of this information, users need to change their passwords to online accounts. Of course, none of the companies will say whose account was hacked or notify the users of accounts that were.

Not Ranked
Posts 53
Points 325
Joined: Jun 2011
JMeloni replied on Wed, Dec 4 2013 6:19 PM

haha

Top 500 Contributor
Posts 108
Points 1,120
Joined: Sep 2012
Location: California
KOwen replied on Wed, Dec 4 2013 7:39 PM

I use LastPass to create and securely store all my passwords. I don't even trust Chrome to save my information. "12345...that's the same combination I use on my luggage!" - Spaceballs

Top 100 Contributor
Posts 1,114
Points 11,290
Joined: Jun 2010
Location: Pennsylvania
CDeeter replied on Wed, Dec 4 2013 7:55 PM

Lovely

Not Ranked
Posts 8
Points 55
Joined: Nov 2013

Had a "suspicious login" on my Google account earlier. Got it under control though.

Top 50 Contributor
Posts 2,929
Points 24,760
Joined: Jul 2001
Location: United States, New York

Pony botnet or pwny botnet?

Top 500 Contributor
Posts 106
Points 735
Joined: Sep 2012

Companies are not going to know if 'you' got a key-logger virus on 'your' computer.

Don't go to unfamiliar sites or download software that says it's free from odd sites. Don't download porn. Update your computer's anti-virus and malware software regularly. Keep your computer's operating system updated. And don't use common passwords. I use LastPass also and make the max number of characters spots or at least 25-30 spaces... and change them often too.

Not Ranked
Posts 1
Points 5
Joined: Dec 2013

Looks like a brute force password tumbling attack. So yes, if your password to Gmail is password or 123456789, then, ya... your account is owned by people other than yourself.

Not Ranked
Posts 1
Points 20
Joined: Dec 2013

Use a password manager like Roboform!

Not Ranked
Posts 1
Points 5
Joined: Dec 2013

This is actually exactly why I just started using a password manager, to generate unique passwords for all of my various accounts. I found a deal for a free year of RoboForm Everywhere and couldn't pass it up.

http://www.roboform.com/lp?frm=securityspecial

Not Ranked
Posts 1
Points 5
Joined: Dec 2013

Dead..! Busted..?

Not Ranked
Posts 1
Points 5
Joined: Dec 2013

Passwords are truly a pain from the past. We are seeing some interesting development, like FIDO (http://www.fidoalliance.org/) which could truly change things in the long run.

InterAuth was launched a while ago to make life a bit easier already with the existing "legacy" systems.

https://www.interauth.com
