(Dec. 5, 2013)— According to a report today from security firm Trustwave, over two million user passwords for social media sites were compromised, including Facebook, Google, Twitter and LinkedIn. The password information was posted on a Russian website and contained personal login information.
Are you using secure passwords for your social media or other accounts?
Trustwave claims a large number of compromised passwords were weak, including those such as: “password,” “1234,” and “123456.” Does this sound familiar?
If you’re using an unsecure, weak password, it’s time to ensure all your passwords are complex and secure.
The report revealed that 1,580,000 website login credentials and 320,000 email account credentials were stolen from users across the world. The massive data breach was caused by cybercriminals using keylogging software that was installed by criminals on multiple computers around the world. Keylogging software records the pressed keys from a user’s computer. Over the past month, the malicious software captured login credentials for websites; usernames and passwords were sent to a server controlled by the hackers.
Trustwave notified the companies impacted by the breach. Facebook, LinkedIn, and Twitter have also notified users whose passwords were compromised and their passwords were reset. However, Google declined to comment and Yahoo hasn’t yet responded to the notification. While Google refused to comment, the company encouraged users to read up on their account protection features.
As a social media user, consider the security of your passwords and accounts. When possible, enable additional security features such as two-step authentication.
A Facebook spokesperson stated: “Facebook takes people’s information security extremely seriously and we work hard to protect it. While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers.”
LinkedIn also commented on the breach: ‘’LinkedIn proactively seeks out credentials dumped on the Internet by hackers as well as credentials gathered by malware; we then compare the credentials to those of our members and any matches result in immediate invalidation of those passwords,” a LinkedIn spokesperson told Global News.