Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.
The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including:
- 318,000 Facebook (FB, Fortune 500) accounts
- 70,000 Gmail, Google+ and YouTube accounts
- 60,000 Yahoo (YHOO, Fortune 500) accounts
- 22,000 Twitter (TWTR) accounts
- 9,000 Odnoklassniki accounts (a Russian social network)
- 8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
- 8,000 LinkedIn (LNKD) accounts
Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.
"We don't have evidence they logged into these accounts, but they probably did," said John Miller, a security research manager at Trustwave.
ADP, Facebook, LinkedIn and Twitter told CNNMoney they have notified and reset passwords for compromised users. Google (GOOG, Fortune 500) declined to comment. Yahoo did not provide immediate responses.
Miller said the team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected.
Among the compromised data are 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network used when transferring big files) and 6,000 remote log-ins.
The hacking campaign started secretly collecting passwords on Oct. 21, and it might be ongoing: Although Trustwave discovered the Netherlands proxy server, Miller said there are several other similar servers they haven't yet tracked down.
Want to know whether your computer is infected? Just searching programs and files won't be enough, because the virus running in the background is hidden, Miller said. Your best bet is to update your antivirus software and download the latest patches for Internet browsers, Adobe (ADBE) and Java.
Of all the compromised services, Miller said he is most concerned with ADP. Those log-ins are typically used by payroll personnel who manage workers' paychecks. Any information they see could be viewed by hackers until passwords are reset.
"They might be able to cut checks, modify people's payments," Miller speculated.
But in a statement, ADP said that, "To [its] knowledge, none of ADP's clients has been adversely affected by the compromised credentials."
Source: CNN