Cyber security experts have discovered an astounding 2 million stolen passwords to websites including Facebook, Google, Yahoo and Twitter from Internet users across the globe.
Researchers at Trustwave's SpiderLabs said they uncovered the credentials while surveying a server in Netherlands where cyber convicts were controlling a massive network of compromised computers called the "Pony botnet". Reuters reported on Wednesday that the company reported its findings of more than 90,000 websites and Internet service providers whose customers' data it found on the server.
The data included a whopping more than 326,000 Facebook accounts, about 60,000 Google accounts, over 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Data compromised included users from the U.S, Germany, Singapore and Thailand. Officials at Facebook and Twitter said that they have reset passwords of affected users. Meanwhile, Google declined to make any comment on the matter whereas Yahoo representatives could not be contacted.
A report published on the SpiderLabs blog showed that the most commonly used password in the set was '123456', nearly used in 16,000 accounts. Other common combinations used included 'password', 'admin', '123' and '1'.
Graham Cluley, an independent cyber security expert, adds that it is a very common scenario for people to use such simple passwords and that too for multiple accounts, even though they are extremely easy to figure out. “People are using very dumb passwords. They are totally useless,” he said.