Passwords belonging to around two million accounts on sites including Facebook, Twitter and Yahoo have been stolen and posted online by those responsible. Although the vast majority of the stolen credentials are associated with IP addresses located in the Netherlands, the attack was global and accounts worldwide have been compromised. Facebook was affected the most, with 57% of the stolen passwords belonging to the social network; Yahoo passwords make up 10% of the total, and Twitter got off relatively lightly with less than 4%.
It is believed that the passwords were captured by keylogger software installed on victims' computers via a malicious website or a compromised download, rather than by a breach of the sites themselves. The keylogger records every keystroke and relays it back to the attacker, so any username and password typed on an infected machine, whatever its strength, ends up in the attacker's hands. The harvesting ran over a number of weeks, collecting a steady trickle of credentials each day rather than a single bulk theft. Researchers at the security company Trustwave found the cache of stolen passwords and analysed it to see which passwords were most commonly used.
They found that the top three of the ten most common stolen passwords were all runs of consecutive digits in the style of '12345', ranging from 4 to 9 digits long. Other similarly terrible choices included 'password', 'admin' and simply '1'. The overall strength of the passwords was unsurprisingly weak: 6% were classed as 'terrible' and almost 30% as 'bad', over 40% fell into the 'medium' band (which covers most passwords of 4 to 8 characters that mix character types), a mere 17% were 'good' and only 5% were 'excellent'.
To keep your accounts secure you should change your passwords regularly and avoid reusing the same one across multiple websites, so that one captured password does not unlock every account you own. A password of at least 12 characters mixing upper and lower case letters with numbers or symbols is recommended. Bear in mind, though, that a keylogger captures whatever is typed: a long, complex password typed on an infected machine is stolen just as easily as '123456', so removing the malware before resetting passwords matters as much as the strength of the new ones.
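The analysis described above, the frequency count that surfaced the '12345' variants and the five-band strength classification, as an added example in Python; this is not Trustwave's tooling or the article's own code. The band labels are the article's, but the cut-offs between bands, the small KNOWN_BAD list and the SAMPLE_PASSWORDS dump are assumptions constructed for the example, chosen so that a 12-character, three-class password (the recommendation above) rates 'excellent' and 4-8 character, mixed-class passwords rate 'medium'.

```python
"""Frequency and strength analysis over a constructed password dump.

Added example, not Trustwave's tooling. The five buckets use the article's
labels; the thresholds between them are assumptions made for this example.
"""
from collections import Counter

# Passwords treated as known-bad regardless of length or character mix.
# Assumption: a real analysis would use a large leaked-password wordlist.
KNOWN_BAD = {"password", "admin", "qwerty", "letmein", "p@ssw0rd", "welcome"}

# Constructed sample standing in for the stolen cache; not real data.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "123456789", "123456789", "1234", "1234",
    "password", "password", "12345", "admin", "1", "123", "qwerty", "letmein",
    "P@ssw0rd", "sunshine", "football", "monkey", "hunter2",
    "Summer2013!", "Tr0ub4dor&3", "correct horse battery staple",
    "MyD0gIsCalled#Rex2013",
]


def is_digit_sequence(pw):
    """True for '1234', '123456789' and other runs of consecutive digits."""
    return pw.isdigit() and len(pw) >= 2 and all(
        int(b) - int(a) == 1 for a, b in zip(pw, pw[1:]))


def character_classes(pw):
    """Count the distinct classes used: lower, upper, digit, other (symbol/space)."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in pw) for check in checks)


def classify(pw):
    """Assign one of the article's five bands (thresholds are assumptions)."""
    n, k = len(pw), character_classes(pw)
    if n < 4 or is_digit_sequence(pw) or pw.lower() in KNOWN_BAD:
        return "terrible"
    if k == 1:
        return "bad"          # a single character class, whatever the length
    if n <= 8:
        return "medium"       # 4-8 characters with mixed classes, as in the article
    if n >= 12 and k >= 3:
        return "excellent"    # meets the 12-character, three-class recommendation
    return "good"


def top_n(passwords, n=10):
    """Most common passwords with their counts; ties keep first-seen order."""
    return Counter(passwords).most_common(n)


def strength_counts(passwords):
    """How many passwords fall into each band."""
    return Counter(classify(pw) for pw in passwords)


def strength_distribution(passwords):
    """Band shares as percentages, rounded to one decimal place."""
    counts, total = strength_counts(passwords), len(passwords)
    return {band: round(100.0 * counts[band] / total, 1)
            for band in ("terrible", "bad", "medium", "good", "excellent")}


if __name__ == "__main__":
    for pw, count in top_n(SAMPLE_PASSWORDS):
        print(f"{count:3d}  {pw!r:32} {classify(pw)}")
    print(strength_distribution(SAMPLE_PASSWORDS))
```

Running the script on the constructed sample reproduces the shape of the article's findings: the three most frequent entries are all digit runs, and two thirds of the dump lands in the 'terrible' band. Swapping SAMPLE_PASSWORDS for the lines of a real dump file (one password per line) is the only change needed to run it on actual data.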