Cyber criminals stole usernames and passwords for about two million accounts registered with Gmail, Facebook, Yahoo, Twitter and others, according to a report released these days.
On 24 November 2013, Trustwave tracked down the troubling server which is reportedly hosted in the Netherlands. The researchers found compromised credentials for more than 93,000 websites:
318,000 Facebook (FB, Fortune 500) accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo (YHOO, Fortune 500) accounts
22,000 Twitter (TWTR) accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
8,000 LinkedIn (LNKD)accounts
Trustwave informed these corporations about of the data breach. They published their discovery on Tuesday.
“We don’t have evidence they logged into these accounts, but they probably did,” said John Miller, a security research manager at Trustwave.
According to CNN, Facebook, LinkedIn, ADP and Twitter have notified and reset passwords for compromised users. Google (GOOG, Fortune 500) refused to make comments and Yahoo did not give an immediate answer.
Miller revealed that the team doesn’t yet know how the virus took over such an overwhelming number of personal computers. The hackers set up the keylogging software to send information through a proxy server, therefore it is impossible to trace the infected computers.
The compromised data included also 41,000 credentials empoyed to connect to File Transfer Protocol (FTP, the standard network used when transferring big files) and 6,000 remote log-ins.
The hacking attack began apparently on October 21 and it might still be going on. Though Trustwave discovered the Netherlands proxy server, Miller said there are some other identical servers that haven’t been tracked down so far.