Security researchers recently stumbled upon a malicious website that housed a cache of stolen FTP credentials.
The malicious domain, discovered last week by researchers at network security and management firm Blue Coat, housed a set of sensitive files, two of which contained a total of nearly 100,000 login and password combinations for a mixed batch of domains.
Another file contained 1,905 login and password combinations for the Servage.net domain, a provider that hosts more than 185,000 websites. A fourth file contained 197 credentials for a set of sites on the Russian narod.ru domain and several other Russian, Polish and Ukrainian web hosts.
Most of the logins – presumably used by webmasters – had "reasonably strong" passwords, Chris Larsen, a security researcher at Blue Coat, wrote in a blog post. One password in particular was a 39-character German phrase with a few numbers mixed in. Other passwords, however, were not as complex.
“Sadly, there were still quite a few ‘dictionary word’ passwords and ‘simple numeric’ passwords and other easily guessed ones, but these were a clear minority,” Larsen wrote.
Late last year, an analysis of 32 million passwords obtained by a hacker who broke into the database of social networking application provider RockYou.com revealed that the most commonly used password on the site was ‘123456.’
Stumbling on a booty of stolen credentials can be frustrating for researchers because there is not much they can do to notify those whose passwords have been stolen, Larsen said. The discovery, however, does provide an opportunity to remind webmasters that their FTP credentials should be protected and treated with as much care as banking credentials.
“Try to only use them from computers that are known to be secure,” he wrote. “The bad guys want your login.”
Besides the stolen credentials, researchers also discovered several known malicious executable files and an encrypted payload disguised as a GIF.
See original article on scmagazineus.com
Cache of stolen FTP credentials discovered
Most logins had "reasonably strong" passwords.



