Thursday, December 5, 2013

2 million stolen passwords to Facebook, Gmail, Yahoo ... - Wyborcza.biz

Experts keep lamenting that Internet users do not care about security and do not pay proper attention to passwords. Every so often a high-profile data leak confirms them in this belief. Now they have another argument.

Analysts at Trustwave, a security software company, came upon stolen logins and passwords for various websites.

Server in the Netherlands

The data pool holds 2 million passwords from more than 90 countries around the world, mainly the Netherlands, Thailand, Germany, Singapore, the USA and Russia. Analysts tracked down one of the servers on which the cybercriminals collect the data. It is located in the Netherlands. Local authorities have already been asked to block it. – We have no evidence that the hackers logged into the accounts. But they probably did – said John Miller of Trustwave. He said that there are more such servers, but they have not yet been tracked down.

Zombies

How did the hackers manage to steal the passwords? In the simplest terms, thanks to keyloggers. This is a type of malicious software that records and stores information about the keys the user presses on the computer. The strength of keyloggers is that they work in the background and save their data to files in places such as system folders. The average user has little chance of locating them, especially with an antivirus program that has not been updated.

But for a hacker to use a keylogger, he must first infect the computer, for instance by sending spam. To send such software, hackers use botnets (in this case the Pony botnet). A botnet is a network of zombie computers: in other words, a network of Internet-connected computers on which malicious software (controlled externally) has been installed without the owners' knowledge. Analysts say there are a few million zombie computers in the world. The number cannot be estimated accurately because it keeps growing. And zombie computers have power: in 2011 the FBI shut down a botnet of computers infected with the Zeus banking Trojan. It was a pool of 4.5 million computers, through which approximately $70 million was stolen.

We've had worse

Let us return to the stolen passwords. It is not known how old they are. Analysts at Trustwave estimate that the server in question had been collecting them since the end of October this year. – The “age” of the passwords is irrelevant. Such data is very valuable on the cybercriminal underground market anyway – says Piotr Kupczyk of Kaspersky Lab Poland in an interview with wyborcza.biz.

Is 2 million a lot or a little? It depends on your point of view. – On the one hand, it is a great deal. We are talking about credentials used by real people, not random files on a disk. This can lead to online identity theft on a massive scale – says Piotr Kupczyk. On the other hand, 2 million passwords were stolen last year from chomikuj.pl alone. And in November this year as many as 150 million passwords and logins were stolen from Adobe's databases. Initially the company spoke of 3 million, and later admitted that the scale was larger. Weak security of Adobe's database was to blame. – If you look at it this way, those 2 million passwords amount to next to nothing. But every data leak is a serious matter, regardless of the amount – says Piotr Kupczyk.

Facebook, Google, Yahoo!

The stolen passwords relate to 93 thousand websites. About 318 thousand of them came from Facebook, another 70 thousand from Gmail, Google and YouTube, and 60 thousand from Yahoo!. Passwords to Twitter and LinkedIn were also stolen. The latter company and Facebook have already reset the passwords of the attack's victims. Google and Yahoo! do not want to comment for now. John Miller points out that the most dangerous part of all this is the leak of around 8 thousand passwords to ADP, one of the largest companies in the world handling outsourced HR and payroll functions, because these passwords give access to money. ADP has already reset the passwords and said that there were no reports from customers.

“123456”

Trustwave also listed the passwords that appear most often in the pool. The winner is “123456”, used by 15 thousand victims of the recent leak. Also among the most popular are “123456789”, “password” and “admin”. – Unfortunately, people really do treat passwords as a necessary evil and often take the easy way out. This kind of password also dominated in the Adobe leak. Leaks have happened and will happen, and such incidents should be treated as a lesson: DO NOT use passwords which – says Piotr Kupczyk. Those who have trouble creating and remembering difficult passwords are advised to use password managers. These take the task on themselves and, whether as a standalone application or as part of a larger program, are well protected.

Weakest Link

How can you defend yourself? There is no single proven method. Sometimes even advanced IT knowledge is not enough. A hacker wants to collect information while staying hidden. A specialized antivirus with up-to-date databases can help. But, as Piotr Kupczyk argues, IT hygiene is also important. – Do not click on uncertain links from emails, social networks or instant messengers. Avoid insecure websites. The weakest link in any IT security chain is the human – he sums up.
