Evan ThomasSecurity researchers at Trustwave have uncovered a treasure trove of compromised web accounts in the course of tracking malicious software called Pony, which creates networks of infected computers to steal information.
The latest instance of Pony made off with some two million sets of account credentials — mostly for website logins from places like Facebook and Twitter, but including hundreds of thousands of logins for email accounts and file transfer services.
The researchers don't know exactly what methods Pony used to steal account info. One thing that's painfully clear to Gizmodo, though, is a huge proportion of those passwords weren't very secure to begin with.
"Somehow," Gizmodo says in its headline, "everyone's password is still '123456.'" And further analysis of the stolen passwords shows it doesn't get much better. The top five most frequent passwords of those two million could simply be guessed. 1,224 accounts used the password "1."
ZDNet says victims appear to be scattered around the globe, despite Pony using a proxy server to route all its traffic through web addresses in The Netherlands and disguise the true locations of its targets.
The researchers at Trustwave say they notified the affected companies before they published this report, but the responsibility for fixing the infected computers rests largely on the users' end.
In a statement to the BBC, Facebook said "it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their web browsers."
Facebook says it did notify those users with compromised accounts. It’s not clear if this instance of Pony is still active, or if other affected companies are taking countermeasures. If nothing else, it's a good excuse to go change your password.
