Researchers have uncovered a jaw-dropping (and deeply disturbing) database containing 2 million stolen login credentials -- both usernames and passwords -- associated with Facebook, Twitter, Google, Yahoo, LinkedIn, and other online services.
Even more troubling, many of the victims had the worst passwords ever, such as "123456" and "password." (Seriously, people?)
Here's what happened, why it happened, and how you can prevent it from happening to you:
A botnet called "Pony" collected sensitive information from users in as many as 102 countries, with folks in the Netherlands being targeted the most, reports CNET.
Though details are still emerging on how exactly it stole the 2 million passwords, security company Trustwave believes people's computers were attacked by hackers using malware to scrape information directly from their Web browsers.
Version 1.9 of the botnet is a keylogging type of malware that captures passwords and login credentials of infected users when they access applications and Internet sites.
Poor Password Habits Revealed
The investigation also uncovered users' incredibly atrocious password habits. According to CNET, "the most common passwords were '123456,' '123456789,' '1234,' and the word 'password.'" Sadly, that's not a joke.
Though many companies -- including Facebook, LinkedIn, and Twitter -- have reset affected users' passwords, consumers are cautioned to be proactive and create more secure passwords.
Tips for Stronger Passwords
To prevent your password from being cracked as easily as the "00000000" code to launch the United States' nuclear missiles, consider doing the following:
- Create a unique password. A strong password is long and contains numbers, upper- and lowercase letters, and $pec!@l ch@r@cter$.
- Use a password generator. If you're all tapped out of good password ideas, consider using a secure password generator.
- Change your password often. As annoying as changing a password is, it's a necessary evil. This is because even a strong, unique password can be compromised. If possible, try to change your password every 90 days.
Remember, a password is only as secure as you make it. Sorry, but "12345" and "password" are simply not going to cut it.
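As an added illustration of the tips above (not code from the original article), here is a short Python sketch that checks a password against the article's criteria and generates one from the operating system's secure random source. The 16-character minimum, the set of special characters, and the function names are assumptions made for this example.

```python
import secrets
import string

# Passwords the article names (most common in the stolen data, plus "12345" and "00000000").
COMMON_PASSWORDS = {"123456", "123456789", "1234", "password", "12345", "00000000"}

SPECIALS = "!@#$%^&*()-_=+[]{}"  # assumption: the article does not list specific characters
MIN_LENGTH = 16                  # assumption: the article only says "long"


def weaknesses(password, min_length=MIN_LENGTH):
    """Return the reasons a password fails the article's tips (empty list if none)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the list of most common passwords")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    return problems


def generate_password(length=MIN_LENGTH):
    """Generate a random password with secrets (OS CSPRNG) that passes weaknesses()."""
    if length < 4:
        raise ValueError("length must be at least 4 to fit every character class")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps every position uniformly random instead of
        # forcing one character of each class into a fixed slot.
        if not weaknesses(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    for pw in ("123456", "password", generate_password()):
        print(repr(pw), weaknesses(pw) or "ok")
```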