{"id":2616,"date":"2013-12-05T12:20:25","date_gmt":"2013-12-05T17:20:25","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2616"},"modified":"2020-02-26T18:58:02","modified_gmt":"2020-02-26T14:58:02","slug":"two-million-passwords-have-been-stolen-what-about-yours","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/2616\/","title":{"rendered":"Two million passwords have been stolen. What about yours?"},"content":{"rendered":"<p>Any of your passwords, be it for email, social networks or online banking, holds value for cybercriminals, because almost any stolen account can be used in fraud schemes. It\u2019s no wonder password theft is so widespread nowadays. Sometimes thieves steal passwords <a href=\"https:\/\/www.kaspersky.com\/blog\/10-worst-password-ideas-as-seen-in-the-adobe-hack\/\" target=\"_blank\" rel=\"noopener nofollow\">directly from major companies\u2019 servers<\/a>, and sometimes they steal from end users\u2019 machines. Security researchers recently discovered a major database <a href=\"https:\/\/threatpost.com\/pony-botnet-controller-holds-2-million-stolen-and-weak-credentials\/103096\" target=\"_blank\" rel=\"noopener nofollow\">containing about two million various passwords<\/a>, collected by the Pony botnet. 
The malware associated with this botnet infects a computer, gathers all available (saved) passwords from web browsers, email and FTP clients, and sends all the data to cybercriminals, using proxy servers to hide the final destination.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/12\/05111004\/2mil-1.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3298\" alt=\"2mil\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/12\/05111004\/2mil-1.jpeg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>In this most recent hack, criminals gathered passwords from the following major services: Facebook, Yahoo, Gmail, Twitter, LinkedIn and the Russian-specific social networks Odnoklassniki and Vkontakte.<\/p>\n<p>Considering the large scale of this incident, users of the above-mentioned services should think about whether or not their passwords are okay.<\/p>\n<p>In order to have your Gmail or Facebook account stolen, it\u2019s not necessary to become a target for a malware attack. Maybe you\u2019ve just checked your inbox using your friend\u2019s PC or a public terminal in a hotel or an airport. If this PC was infected, one of your passwords is in the possession of a hacker now. This could be quite unpleasant by itself, but the problem will become even worse if you have a habit of re-using the same password for multiple online services. It doesn\u2019t take a genius to try the stolen login and password combination alex@gmail-com \/ 123456 to log into Facebook or Twitter. Unfortunately, this works way too often. According to a survey conducted by B2B International this summer, 39% of users use only a handful of passwords to access all of their accounts, i.e. 
the <a href=\"https:\/\/www.kaspersky.com\/blog\/infographic-password-protection\/\" target=\"_blank\" rel=\"noopener nofollow\">same password is used on multiple sites<\/a>.<\/p>\n<div class=\"pullquote\">According to a survey conducted by B2B International this summer, 39% of users use only a handful of passwords to access all of their accounts, i.e. the same password is used on multiple sites.<\/div>\n<p>As password theft happens more often, this habit has become even more dangerous, especially if you consider that your daily routine now includes persistent access to financial transactions \u2013 from classical online banking to fund transfers using Gmail attachments. That\u2019s why a seemingly innocent Twitter password theft might eventually lead to the loss of real money.<\/p>\n<p>To sort this out, all of us must take one important step \u2013 change our old passwords, making sure that each online account is protected with its own, unique password. If you have a hard time remembering multiple passwords, you can use special software like a <a href=\"https:\/\/www.kaspersky.com\/password-manager\" target=\"_blank\" rel=\"noopener nofollow\">password manager<\/a>, which is able to store your passwords in encrypted form. The luxury of re-using the same password over and over again is now a part of \u201cthe good old Internet times\u201d. To avoid further password theft, follow the advice of Aleks Gostev, Chief Security Expert at Kaspersky Lab:<\/p>\n<ul>\n<li><b>Use a robust <\/b><a href=\"https:\/\/www.kaspersky.com\/advert\/free-trials\/multi-device-security?redef=1&amp;THRU&amp;reseller=blog_en-global\" target=\"_blank\" rel=\"noopener nofollow\"><b>antivirus<\/b><\/a><b>.<\/b><\/li>\n<li><b>Update software on a regular basis<\/b>. Pay special attention to updating Windows, your web browser, and popular apps used to view PDF, Flash and Java applets.<\/li>\n<li>Always <b>remember safety<\/b>. 
If a user gets a link from a friend who never sends him anything, or the friend sends something that the user would never expect to receive from him\/her, this should raise suspicion. It\u2019s better to ask the friend personally, and thus find out whether his\/her account was hacked or not.<\/li>\n<li>One should <b>pay attention to links<\/b> \u2013 a domain name of a popular web resource may contain some symbols, or the letters may be different. This is a first sign of being redirected to a malicious phishing website. <b>Avoid<\/b> accepting <b>friend requests from people you don\u2019t know<\/b>, and don\u2019t follow suspicious links in general<b>.<\/b><\/li>\n<li><b>Develop complex passwords<\/b>, unique to each of your accounts. By the way, you can <a href=\"https:\/\/www.kaspersky.com\/blog\/password-check\/\" target=\"_blank\" rel=\"noopener nofollow\">test your password reliability<\/a> using our online service.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Any of your passwords, be it for email, social networks or online banking, holds value for cybercriminals, because almost any stolen account can be used in fraud schemes. 
It\u2019s no<\/p>\n","protected":false},"author":32,"featured_media":2617,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[305,187],"class_list":{"0":"post-2616","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-account-security","9":"tag-passwords"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/2616\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/2723\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/2926\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/2747\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/3297\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/two-million-passwords-have-been-stolen-what-about-yours\/2166\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/3297\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/two-million-passwords-have-been-stolen-what-about-yours\/3297\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/account-security\/","name":"account 
security"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2616"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2616\/revisions"}],"predecessor-version":[{"id":15677,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2616\/revisions\/15677"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2617"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}