2 million hacked usernames and passwords discovered in a massive online dump

spidemain3.png (1241×611)
Wanna guess how many passwords were "password"?

A team of Internet security researchers has stumbled upon a massive online cache of more than 2 million hacked email addresses, usernames, and passwords.

SpiderLabs, a division of online firm Trustwave that bills itself as an "elite team of ethical hackers, investigators and researchers," made the announcement Tuesday.

The majority of hacked accounts come from major sites: Facebook, Yahoo, Google, Twitter, LinkedIn, and Russian and eastern European social networking sites odnoklassniki and VK.

The thing that many of the hacked accounts had in common? Outrageously easy passwords. Tens of thousands of them had passwords like "12345," "1," "admin," and the ever-popular "password." As you'd expect, the fewer characters and complexity a password had, the more likely it was to end up on that list.

The passwords had been harvested by an enormous botnet referred to as a "Pony," which the BBC referred to as "probably run by a criminal gang." As this Pony's operators did a good job of covering their tracks, SpiderLabs couldn't confirm where the attackers were based, though the dump was written in Russian.

Illustration by Fernando Alfonso III

Promoted Stories Powered by Sharethrough
Crime
Indie author asks hackers to 'destroy' enemies
If there was ever any doubt that the literary world is every bit as rude and contentious as the society it pretends to be a refuge from, sites like Amazon and Goodreads have put it to rest. Especially in the cutthroat alleys self-publishing, where an author by necessity has to directly engage an audience without a real PR team, diplomatic relationships sour rather quickly—and the threats can begin to fly before you even put out a book.
From Our VICE Partners
Group

Pure, uncut internet. Straight to your inbox.

Thanks for subscribing to our newsletter!