
Two Million Facebook, Twitter, Google and Yahoo Accounts Compromised

December 5, 2013 | March 7th, 2023 | Blog, Cybersecurity

A report released late last week indicated that a number of passwords, upwards of two million, have been stolen from the world’s most popular websites using malicious keylogging software.

The websites themselves, which included Google, Yahoo, Twitter and Facebook, have not been compromised individually or as a group. However, security firm Trustwave says that the virus went undetected by all anti-virus programs for the past 30 to 60 days while it silently sent account usernames and passwords to several servers controlled by a hacking team. Trustwave is unsure of how large the team of hackers is at this time, though they have located one of the servers in the Netherlands.

On the server, they found over two million login usernames and passwords. In total, they located the credentials for 93,000 websites. The breakdown of the majority of what they found is below:

Facebook (318,000)
Gmail, YouTube, and Google+ (70,000)
Yahoo (60,000)
Twitter (22,000)
Odnoklassniki (similar to Facebook, but based in Russia, 9,000)
ADP (8,000)
LinkedIn (8,000)

Trustwave has no idea if the hacking group logged into these accounts, but they assume they did, as all passwords and emails came unhashed: the virus was a keylogger capturing what users typed, not an infection of the websites themselves.

Several of the companies have already sent out reset requests to the compromised users, such as Twitter and Facebook. However, Google and Yahoo have yet to take any precautionary steps.

Currently, it’s impossible to tell which computers are infected and which are not since the malicious software went through a proxy server. Trustwave says that while they shut down the first server they found, the project is ongoing, and there are at least two to three additional servers running the keylogging software that are still collecting data from millions of other computer users.

Am I Infected? What Do I Do?

Since the virus is hidden and running in the background of your computer, you’ll need to download a trustworthy antivirus immediately (or update your definitions). In addition, browser patches have been released that counter the virus, so they should be downloaded and installed as well.

It’s especially important that you change your password for ADP, as hackers can view your paystubs, social security numbers, and more private details by simply logging into these accounts and downloading your paystub information. Trustwave says they may even be able to modify your payments and take part of your pay as long as they have access to your account. However, changing your passwords on all of your main websites, especially if your virus protection discovers you are infected, is essential.

Unfortunately, this is not the end of this particular virus, so keep your virus definitions up-to-date. In addition, changing your password every few months as a precaution is advised.

Chris Forte
