2 million Facebook, Gmail and Twitter passwords stolen in massive hack

EnigmaO01 · Dec 4, 2013

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including:

318,000 Facebook (FB, Fortune 500) accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo (YHOO, Fortune 500) accounts
22,000 Twitter (TWTR) accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
8,000 LinkedIn (LNKD)accounts

Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.

"We don't have evidence they logged into these accounts, but they probably did," said John Miller, a security research manager at Trustwave.

2 million Facebook, Gmail and Twitter passwords stolen in massive hack - Dec. 4, 2013

Kind of angers me that I deleted my Facebook account months ago but it was reactivated without my permission during the time period that the hacks were taking place. The wife checked and it wasn't just a temporary deactivation. I actually deleted it.

I hope this doesn't effect the folks on here with the above accounts negatively.

Mr. Invisible · Dec 4, 2013

Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.

EnigmaO01 · Dec 4, 2013

Mr. Invisible said:
Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.

I wonder if something totally hack proof is even possible. I mean the CIA, FBI, Pentagon etc. have been hacked.

American · Dec 4, 2013

How do those numbers add up to 2 million?

American · Dec 4, 2013

EnigmaO01 said:
I wonder if something totally hack proof is even possible. I mean the CIA, FBI, Pentagon etc. have been hacked.

Whose hacking the NSA?

Ray410 · Dec 4, 2013

Very timely. Could this be the MSM's way of saying "See, the Obamacare website isn't so bad after all."

EnigmaO01 · Dec 4, 2013

American said:
How do those numbers add up to 2 million?

My guess is not everyone was hacked.

EnigmaO01 · Dec 4, 2013

Ray410 said:
Very timely. Could this be the MSM's way of saying "See, the Obamacare website isn't so bad after all."

Wow talk about politics on the brain.

Anomalism · Dec 4, 2013

American said:
Whose hacking the NSA?

Edward Snowden.

TheNextEra · Dec 4, 2013

American said:
Whose hacking the NSA?

China

American · Dec 4, 2013

TheNextEra said:
China

It's a circle hacking.

Deuce · Dec 4, 2013

Mr. Invisible said:
Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.

Um, no, the security breach was on the user end, not the company.

Fenton · Dec 4, 2013

TheNextEra said:
China

Exactly. I talked to a buddy who works at Johnson Space Center who's been in IT for years. He said it wasn't unusual for Countries to bait hackers and feed them corrupted information, or allow some access, so that they could better counter act the algorithms and tactics used by the hackers.

He didn't think that the Chinese or the Russians or any one else had accessed super secret military data because of the use of a purpose built hard-line that they used to access those servers that is being monitored around the clock by programs and personal .

Anomalies are dealt with in a micro second but who knows.

Fisher · Dec 4, 2013

American said:
Whose hacking the NSA?

I recall hearing something on the news about it recently--Anonymous maybe had found some contractor backdoors. I don't recall exactly now who it was, but I think the big A.

Mr. Invisible · Dec 4, 2013

Deuce said:
Um, no, the security breach was on the user end, not the company.

Either way, better security is needed.

Carjosse · Dec 4, 2013

Mr. Invisible said:
Either way, better security is needed.

I don't know how you do that, it is the users own fault.

reinoe · Dec 4, 2013

Carjosse said:
I don't know how you do that, it is the users own fault.

Exactly. One bad download that anti-virus didn't pick up and this could have given the "hackers" access. It's like blaming Nigerians for people dumb enough to fall for those Nigerian Prince scams. At some point it's user error.

Mr. Invisible · Dec 5, 2013

Better security and caution is needed on the part of the user.

reinoe said:
Exactly. One bad download that anti-virus didn't pick up and this could have given the "hackers" access. It's like blaming Nigerians for people dumb enough to fall for those Nigerian Prince scams. At some point it's user error.

PeteEU · Dec 5, 2013

EnigmaO01 said:
Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites, including:

318,000 Facebook (FB, Fortune 500) accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo (YHOO, Fortune 500) accounts
22,000 Twitter (TWTR) accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
8,000 LinkedIn (LNKD)accounts

Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.

"We don't have evidence they logged into these accounts, but they probably did," said John Miller, a security research manager at Trustwave.

2 million Facebook, Gmail and Twitter passwords stolen in massive hack - Dec. 4, 2013

Kind of angers me that I deleted my Facebook account months ago but it was reactivated without my permission during the time period that the hacks were taking place. The wife checked and it wasn't just a temporary deactivation. I actually deleted it.

I hope this doesn't effect the folks on here with the above accounts negatively.

What the article does not mention (as far as I can see) is the fact that this is not a "hack" per say. It is users who are idiots.

Why? Because these are accounts that used the following passwords..

password
1
1234
123456789
god

and so on and so on.

To be frank, they deserved to be hacked.

PeteEU · Dec 5, 2013

Mr. Invisible said:
Well, this is somewhat worrying. Shows that the aforementioned companies need to have more/better security.

No,... They were not breached. It was users with weak ass passwords. Since most login names are peoples email addresses, then you only have to guess the password. And when people use passwords like 12345678 then well. Companies actually are now stating that new passwords have to a letter, capital letter and number in it, and that helps security a lot.

EnigmaO01 · Dec 5, 2013

PeteEU said:
No,... They were not breached. It was users with weak ass passwords. Since most login names are peoples email addresses, then you only have to guess the password. And when people use passwords like 12345678 then well. Companies actually are now stating that new passwords have to a letter, capital letter and number in it, and that helps security a lot.

Didn't the link say the hackers had some kind if keystroke program that could literally follow each keystroke of the user? If that's the case I'm not sure it matters how sophisticated the password is.

PeteEU · Dec 5, 2013

EnigmaO01 said:
Didn't the link say the hackers had some kind if keystroke program that could literally follow each keystroke of the user? If that's the case I'm not sure it matters how sophisticated the password is.

Found: Hacker server storing two million pilfered passwords | Ars Technica

A more factual recount of the issue.

Simon W. Moon · Dec 5, 2013

American said:
Whose hacking the NSA?

Who would say?

DA60 · Dec 5, 2013

Facebook = Friendface.

Kreton · Dec 5, 2013

peteeu said:
what the article does not mention (as far as i can see) is the fact that this is not a "hack" per say. It is users who are idiots.

Why? Because these are accounts that used the following passwords..

Password
1
1234
123456789
god

and so on and so on.

To be frank, they deserved to be hacked.

stop sharing my passwords!!!

2 million Facebook, Gmail and Twitter passwords stolen in massive hack

EnigmaO01

Mr. Invisible

A Man Without A Country

EnigmaO01

American

Trump Grump Whisperer

American

Trump Grump Whisperer

Ray410

EnigmaO01

EnigmaO01

Anomalism

TheNextEra

American

Trump Grump Whisperer

Deuce

Outer space potato man

Fenton

Fisher

Mr. Invisible

A Man Without A Country

Carjosse

Sit Nomine Digna

reinoe

Mr. Invisible

A Man Without A Country

PeteEU

PeteEU

EnigmaO01

PeteEU

Simon W. Moon

DA60

Kreton

Doesn't know