The passwords of nearly two million Facebook, Twitter, Gmail and LinkedIn users have been stolen in a massive hack that has occurred over the past month.
Researchers at a cybersecurity company called Trustwave have found that a virus is capturing login details for some of the internet’s biggest websites including Facebook and Gmail, reports CNN.
More than 93,000 sites have been compromised and Trustwave has made its research public showing the following, rather worrying, results of account details stolen:
318,000 Facebook accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo accounts
22,000 Twitter accounts
8,000 LinkedIn accounts
The list also includes 7,978 from ADP, the payroll service provider. According to a Trustwave blog, “Payroll services accounts could actually have direct financial repercussions.”
The hacking began Oct. 21 and might still be taking place. According to reports, Facebook, LinkedIn and Twitter have “notified and reset passwords for compromised users”; however, Google has “declined to comment”.
John Miller, a security research manager at Trustwave, told CNN, “We don’t have evidence they logged into these accounts, but they probably did.”
The majority of passwords were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the United States, which accounted for 859 reports from machines and 1,943 passwords, according to Trustwave. In all, just over 100 countries were affected, and Trustwave said this shows the attack is “fairly global.”
In compiling the data, Trustwave also discovered that many users are doing just what computer specialists advise against – using simplistic passwords that can easily be guessed. For instance, the top five passwords Trustwave found in researching the breaches were: 123456, 123456789, 1234, password and 12345.
According to its website, Trustwave helps businesses fight computer crime, protect data and reduce security risks.
The breaches operated through software maliciously installed on computers around the world, Trustwave said, according to CNN. The virus has been sending the stolen information to a server in the Netherlands controlled by the hackers, CNN reports.
If you’ve had your details hacked, check out our three-step plan for what to do next:
1. Change your password. A strong password should be long (Microsoft recommends at least eight characters), contain a mixture of upper and lower case plus numbers, and be changed regularly. To check whether your password has been compromised, you can check at shouldichangemypassword.com.
2. Assess the damage. Have a look around your account to see whether there has been any unusual activity. Look through your Sent Items folder to see if any spam has been sent from your account and let your contacts know what has happened to prevent their systems being compromised. Also check your settings to see if any emails you receive are automatically being forwarded – this is a sneaky way hackers get to see all of your emails. If you think your bank details have been stolen check your account activity and call the bank.
3. Check you have anti-virus software. If you don’t, go get yourself covered. You can buy anti-virus software from shops or download it online. There are plenty of decent free options available. If you already have anti-virus software installed, see if there are any updates you can run.