There are no active ads.


2 Million Stolen Passwords For Facebook, Yahoo, Google Found in Botnet Server

by Todd Haselton | December 4, 2013December 4, 2013 12:30 pm PST


Trustwave SpiderLabs has been digging through the source code of the Pony Botnet Controller, and what the firm found may scare you. Apparently the Botnet’s server was home to more than two million compromised accounts, including passwords for major Internet sites such as Facebook, Yahoo, Google, Twitter, LinkedIn and others.

According to SpiderLabs, the data includes 1,580,000 login credentials, including usernames and passwords, 320,000 email logins, 41,000 logins for FTP servers, 3,000 accounts for remote desktop clients and 3,0o00 secure shell client logins. There were 318,121 passwords leaked for Facebook alone, 59,549 passwords for Yahoo, and 54,437 Google passwords on the server. Most of those affected may be Russian speakers living in the Netherlands.

“You can also spot the notable presence of and, two social network websites aimed at Russian-speaking audiences, which probably indicates that a decent portion of the victims compromised were Russian speakers,” the security firm says, noting that the attack seems to have been targeted at the Netherlands, though 92 countries in total were affected.

The top 10 passwords discovered by the Botnet were fairly obvious, and include, in order of popularity:”123456,” “123456789,” “1234,” “password,” “12345,” “12345678,” “admin,” “123,” “1,” “1234567” and “111111.” Most of the passwords leaked only used one type of character, such as only letters or only numbers, and few had four different types of characters in the password.

In other words, take this as a lesson: first, change your passwords regularly to be safe. Second, don’t make them super obvious or easy to crack. The full report can be found in the source below.

SpiderLabs ZDNET

Todd Haselton

Todd Haselton has been writing professionally since 2006 during his undergraduate days at Lehigh University. He started out as an intern with...