
Hackers managed to steal 2 million user passwords through the use of keylogging software

A major hack resulted in the theft of millions of passwords from websites like Facebook, Gmail and Yahoo
 
According to a new report from CNN, hackers managed to steal 2 million user passwords through the use of keylogging software. The hack began October 21 of this year.
 
Cybersecurity firm Trustwave said that hackers installed the keylogging software on an unknown number of computers around the globe. This software captures login credentials for websites and routes the information through a proxy server, making it impossible to know which computers have the virus.


Trustwave was able to track the server, which is located in the Netherlands. The firm found that 93,000 websites had their credentials compromised, with the top seven being Facebook (318,000 compromised credentials), Gmail/Google+/YouTube (70,000), Yahoo (60,000), Twitter (22,000), Odnoklassniki (9,000), ADP (8,000) and LinkedIn (8,000). 
 
Trustwave further found that the compromised data included 41,000 credentials used for File Transfer Protocol (FTP) connections and 6,000 remote logins.
 
Trustwave notified the companies of the hack, which resulted in ADP, Facebook, LinkedIn and Twitter notifying and resetting passwords for compromised users. 
 
Make sure to stay protected by updating your antivirus software and downloading the most recent patches for Internet browsers, Java and Adobe.

Source: CNN




It wasn't a hack
By mattclary on 12/5/2013 1:30:21 PM , Rating: 5
They are citing keylogging software on users' machines.




RE: It wasn't a hack
By coburn_c on 12/5/2013 1:33:03 PM , Rating: 3
Yes.. the whole article is dubious, another bang-up job from CNN.


RE: It wasn't a hack
By GulWestfale on 12/5/2013 4:44:48 PM , Rating: 2
if it is with computers, it's totally a hack, man. don't you know that with computers, you can even blow up old white delivery vans?


RE: It wasn't a hack
By Souka on 12/5/2013 7:26:20 PM , Rating: 2
quote:
Make sure to stay protected by updating your antivirus software and downloading the most recent patches for Internet browsers, Java and Adobe.


Yes... doing that will somehow protect my information on foreign servers from being hacked.

:)


RE: It wasn't a hack
By Flunk on 12/5/2013 1:37:25 PM , Rating: 2
'tis a worm at best and it's not the web site owner's problem.


RE: It wasn't a hack
By Neodude007 on 12/5/2013 2:49:09 PM , Rating: 2
So the users installed the keylogger themselves??? If all of the computers were public ones, it is not a hack. If they were infected through a virus (AKA a hack) and had a script install in the background then there was hacking involved IMHO.


RE: It wasn't a hack
By ritualm on 12/5/2013 3:40:23 PM , Rating: 2
Why hack when you can convince victims via social engineering to install malware for you?


RE: It wasn't a hack
By Neodude007 on 12/5/2013 4:32:51 PM , Rating: 2
Answer, if this was not sarcastic: Time efficiency
Your strategy is fantastic for targeting certain people though for sure.


RE: It wasn't a hack
By rs1 on 12/5/2013 6:31:09 PM , Rating: 2
It may be a hack, but I think the OP's point is that the data was not taken "from Facebook, Gmail, Twitter" or any other large provider as the article suggests at multiple points.

The account data was taken from users of these sites, because their local computers were compromised by the keylogger. This has nothing whatsoever to do with Facebook/Gmail/Twitter/etc., and there's little those sites could have done to prevent this kind of hack (perhaps they could all switch to two-factor authentication, but do you really want to have to jump through hoops just to log in to your Facebook account?).

Bottom line, no service providers were directly compromised here, and no information was taken from any website/service provider. Only end-user systems. Which makes the article very inaccurate.


RE: It wasn't a hack
By homebredcorgi on 12/6/2013 12:04:48 AM , Rating: 2
That also explains the article I saw showing that a very large amount of the passwords were "1234" or something similar. I'm betting there's a correlation between people that use those kinds of passwords and people that accidentally install key loggers on their machines.


This is misleading...
By Spookster on 12/6/2013 12:12:15 PM , Rating: 2
quote:
A major hack resulted in the theft of millions of passwords from websites like Facebook, Gmail and Yahoo.


That should say

quote:
A major hack resulted in the theft of millions of passwords FOR websites like Facebook, Gmail and Yahoo.


because they didn't hack the websites and steal the passwords. They collected the passwords from the PCs of users who logged into the websites.

















Copyright 2014 DailyTech LLC.