Security researchers have unearthed a huge trove of hijacked user accounts while unrolling a botnet controller called Pony.
Trustwave Spiderlabs have discovered multiple instances of Pony and say that one such botnet has stolen login credentials for around two million accounts.
Most of the compromised login details are for Facebook, with Yahoo, Google, Twitter, LinkedIn and Russian social network sites vk.com and odnoklassniki.ru also affected.
However, independent security expert Graham Cluley notes that thousands of credentials for payments provider ADP were included in the stash, warning that there could be "financial repercussions for companies concerned."
Cluley says users should turn on two-factor verification and Facebook's login notifications and approvals to protect themselves from account hijackings.
The attack is "fairly global", Spiderlabs said, with 93 countries represented in the geo-located list of Internet Protocol addresses for victims' computers that the researchers put together.
Many of the harvested passwords were very simple, using few different characters, with the most common one being "123456", Spiderlabs said.




