Malware has captured login credentials from more than 2 million users worldwide on Twitter, Facebook, Google, Yahoo and LinkedIn, reports Mashable.
A new report from web security firm Trustwave shares that hackers have been using Pony malware to steal usernames and passwords across these sites.
Abby Ross, a spokesperson for Trustwave, told Mashable,
“Although these are accounts for online services such as Facebook, LinkedIn, Twitter and Google, this is not the result of any weakness in those companies networks. Individual users had the malware installed on their machines and had their passwords stolen. Pony steals passwords that are stored on the infected users’ computers as well as by capturing them when they are used to log into web services.”
Here are the facts important to know:
– Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%).
– The stolen credentials were never publicly posted online.
– Most of the hacked passwords were considered “poor” – too short, too simplistic (e.g. “password”), too obvious (the user’s birthdate).
What you can do:
– If your password was directly compromised, you’ll likely hear from that particular social network.
– Make sure to strengthen every password you use, with special characters, a mix of capital and lowercase, and make them long and differentiated among your various accounts.
– Reference our 5 Tips For Protecting Your Twitter Account From Hackers.
With digital hacks more rampant than ever, it feels a little like there’s nowhere to hide online. Just make sure you’re doing everything you can to Fort-Knox-ify your social media accounts by enabling two-step verification, always logging out, monitoring third-party app permissions and staying attuned to any news about hackings. See, you’re already putting your best foot forward by reading this post!