Have you ever considered using the combination “123456” as your Gmail, Twitter, or Google account password? If you have, reconsider your choice, because it has been found to be the most common password set by users. According to Trustwave, a web security firm based in Chicago that specializes in cybercrime and data protection, the “lucky number” was chosen for nearly 16,000 accounts across the world! And the worst is yet to come: all of those thousands of accounts have already been hijacked by web criminals.
2 million passwords… All stolen!
Security experts have recently uncovered a collection of 2 million stolen passwords from users around the world, including Google, Twitter, Yahoo, and Facebook accounts. The finders were researchers working for the web security firm Trustwave. In a blog post outlining its findings, the team said it believed the stolen account passwords had been gathered by a large botnet, called Pony, that had harvested information from thousands of infected computers worldwide.
A botnet refers to a network of machines controlled by criminals with the help of malicious software that has been installed on computers without the owner’s consent or knowledge. These kinds of digital networks are often used by web criminals to harvest large amounts of personal data, which can afterwards be sold to others or held to ransom. This time, the haul involved login information for popular social networks. The web criminals’ site, written in Russian, claimed to offer 318,121 password and username combinations for Facebook. In addition, other providers such as LinkedIn, Google, Twitter, and Yahoo had entries in the database, as did Russian-language sites like VKontakte and Odnoklassniki.
The web security firm said that it had notified the affected services and sites about the stolen account passwords before publishing the blog entry. Twitter and Facebook said that they had reset the passwords of affected users. Furthermore, Facebook explained that this security risk stemmed from infected user machines and was not the result of any failure on its part. The social network recommended that users protect their accounts by activating Login Notifications and Login Approvals in the security settings. With these options activated, users are notified when anyone tries to access their account from an unrecognized device or browser, and new logins require a unique passcode generated on the account owner’s mobile phone.
Another relevant finding shared by Trustwave was a list of words commonly used among the stolen account passwords, which included “password”, “admin”, “123” and “1”. According to Graham Cluley, a specialized security researcher, these passwords are useless. He also noted that 30 to 40 percent of people use the same passwords on different networks and websites, which is equally risky.
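Two defensive measures follow directly from the findings above: rejecting the kind of trivial passwords that dominated the dump, and, as Twitter and Facebook did, identifying which accounts in a credential leak still match a live password so that only those are force-reset. The example below is an added illustration and is not code from Trustwave or any of the services mentioned. The denylist holds only the values the article reports (a real deployment would use a far larger breached-password list), the user records and the leaked username/password pairs are constructed sample data, and the salted PBKDF2 storage format is an assumption about how a site might store password hashes.

```python
import hashlib
import hmac
import os

# Constructed denylist: only the values the article reports from the stolen set.
COMMON_PASSWORDS = {"123456", "password", "admin", "123", "1"}


def weak_password_reason(candidate: str, min_length: int = 12):
    """Return a human-readable reason the candidate is weak, or None if it passes.

    Checks, in order: exact denylist hit, denylisted word with digits appended
    (e.g. password2013), digits-only strings, and a minimum length.
    """
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        return "on the common-password denylist"
    if lowered.rstrip("0123456789") in COMMON_PASSWORDS:
        return "denylisted word with a numeric suffix"
    if lowered.isdigit():
        return "digits only"
    if len(candidate) < min_length:
        return "shorter than %d characters" % min_length
    return None


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 (assumed storage format for this example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user_record(username: str, password: str) -> dict:
    """Create a stored record with a fresh random salt; the cleartext is not kept."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt)}


def build_sample_db() -> list:
    """Constructed user table: one account reusing a denylisted password."""
    return [
        make_user_record("alice", "123456"),
        make_user_record("bob", "correct horse battery staple"),
    ]


# Constructed leak: (username, cleartext) pairs as a dump like the one described
# would present them. One is current, one is stale, one is for an unknown user.
SAMPLE_LEAK = [
    ("alice", "123456"),
    ("bob", "wrong-old-password"),
    ("carol", "admin"),
]


def accounts_to_reset(user_db: list, leaked_pairs: list) -> list:
    """Return usernames whose stored hash matches the leaked cleartext.

    Only those accounts need a forced reset and a notification; leaked entries
    that no longer match (or refer to unknown users) are stale. Comparison uses
    a constant-time digest check so the matcher itself is not a timing oracle.
    """
    by_name = {rec["username"]: rec for rec in user_db}
    hits = []
    for username, leaked_pw in leaked_pairs:
        rec = by_name.get(username)
        if rec is None:
            continue
        if hmac.compare_digest(rec["hash"], hash_password(leaked_pw, rec["salt"])):
            hits.append(username)
    return hits


if __name__ == "__main__":
    for pw in ["123456", "Password2013", "20131204", "Tr0ub4dor", "correct horse battery staple"]:
        print("%-30s -> %s" % (pw, weak_password_reason(pw) or "ok"))
    print("force reset:", accounts_to_reset(build_sample_db(), SAMPLE_LEAK))
```

The denylist check runs at password-set time, so a site never accepts the values that made the dump so easy to exploit in the first place; the leak matcher runs when a dump surfaces and limits the reset to accounts whose password is actually exposed, which is what keeps a mass reset from becoming a mass annoyance.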