2 Million Passwords Reportedly StolenFacebook, Other Social Media Sites Targeted
Hackers have pilfered some 2 million user passwords and credentials for Facebook and other social media and Internet sites, according to IT security provider Trustwave.
See Also: Splunk Predictions 2020
A Dec. 4 blog from Trustwave's SpiderLabs says the attack emanated from a single IP address in the Netherlands that functions as a gateway or reverse proxy between the infected machines and the Dutch-based command-and-control server.
"This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down - outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down," Trustwave security researchers Daniel Chechik and Anat Davidi write in the blog. "While this behavior is interesting in-and-of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any."
Still, the security researchers say, hackers attacked computers in about 100 countries.
The hacking campaign, which started Oct. 21 and was discovered Nov. 24, might be continuing, Trustwave Security Research Manager John Miller tells CNN.
Trustwave notified the affected companies of the breaches. "We don't have evidence they [hackers] logged into the accounts, but they probably did," Miller says.
Scope of Attack
The researchers say they hackers stole 1.58 million web login credentials, 320,000 e-mail credentials, 41,000 FTP account credentials, 3,000 remote desktop credentials and 3,000 secure shell account.
The majority of the stolen passwords - 59 percent - were associated with Facebook followed by Google (13 percent); Yahoo (11 percent); Twitter (4 percent); Odnoklassniki, a Russian social media site (2 percent); LinkedIn (2 percent); ADP, a payroll services company (1 percent); and VK, a European social media site (1 percent)
According to CNN, Facebook, LinkedIn and Twitter have notified customers and reset passwords for compromised users. Google declined to comment and Yahoo did not provide immediate responses, CNN says.
Miller tells CNN that he is most concerned about the ADP hack because its log-ins are used to manage workers' paychecks. "They might be able to cut checks, modify people's payments," Miller says. ADP, in a statement, told the news outlet that "to (its) knowledge, none of ADP's clients has been adversely affected by the compromised credentials."