Facebook, Twitter, and others reset user logins after hacker steals 2 million passwords

hacking stock 640

A hacker has netted more than 2 million passwords for users of major services including Facebook, Gmail, Twitter, Yahoo, and LinkedIn, according to the security firm Trustwave.

The attacker installed keylogging software on users' computers in 92 countries, recording their logins and user passwords as they were typed.

The companies themselves were not breached, but ADP, Facebook, LinkedIn, and Twitter have reset passwords and alerted compromised users, CNNMoney reports.

The keylogger tool was a version of the Pony botnet controller

The keylogger tool was a version of the Pony botnet controller, a malicious piece of software that has been proliferating since its source code was published. The botnet controller is mainly being used to steal passwords, according to Trustwave researchers.

This time, whoever was behind the attack got around 1.5 million website login credentials, 320,000 email account credentials, 41,000 FTP credentials, 3,000 remote desktop credentials, and more.

A look at the passwords shows a keylogger may have been overkill, however. Trustwave reports that the most common passwords were "123456," "123456789," "1234," and "password."

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,




Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.