2 Million Google, Facebook, Twitter Credentials Hacked

Security experts have discovered a server storing more than 2 million accounts passwords from popular sites such as Facebook, Google, Yahoo, Twitter and LinkedIn, from users worldwide. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells.


According to web security firm Trustwave’s SpiderLabs, hackers have stolen login ID and passwords with the help of Pony malware across various sites, in the past month. More than 1.5 million user names and passwords are for the website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published by researchers from security firm Trustwave's Spider Labs.

Experts found out that over 15,000 of the 2 million people had used “123456.” Other popular combinations include “123456789,” “1234,” “password,” “12345,” “12345678,” “admin” and “1234.” Around 1,200 internet users have used the password “1,” which indicates that there are some services that don’t administer any type of password policy.

Trustwave wrote on its blog. "Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the medium category."