Researchers with Trustwave's SpiderLabs discovered two million stolen passwords posted online. The finding was made while they were investigating the server or controller associated with a botnet known as Pony. The passwords were taken from users of popular sites and services including Facebook, Google, Yahoo, and Twitter. Victims were from the US, Germany, Singapore, Thailand, and other nations. Researchers said the stolen data included roughly 1,580,000 website login credentials; 320,000 e-mail account credentials; 41,000 FTP account credentials; 3,000 Remote Desktop credentials; and about 3,000 Secure Shell account credentials. They surmise the information was taken using keylogging software. An associated problem is most of the passwords are useless and many users use the same passwords across different websites. Both Facebook and Twitter have reportedly reset affected users’ passwords. (Reuters)(BBC)(Trustwave Spider Labs Blog)
