Social Media Hacked Again…

Once again I find myself hashing out the same information about social media sites being hacked and user accounts being released into the wild. This time 2 million accounts are compromised and their details are posted online. The top 10 sites on the list break down as follows.

1) www.facebook.com 318,121 accounts compromised
2) login.yahoo.com 59,549 accounts compromised
3) accounts.google.com 54,437 accounts compromised
4) twitter.com 21,708 accounts compromised
5) www.google.com 16,095 accounts compromised
6) www.odnoklassniki.ru 9,321 accounts compromised
7) www.linkedin.com 8,490 accounts compromised
8) th-th.facebook.com 8,008 accounts compromised
9) agateway.adp.com 7,978 accounts compromised
10) vk.com 6,867 accounts compromised

Most of those are self-explanatory as popular websites. The 3 that most people won’t recognize are vk.com and odnoklassniki.ru, which are social networking sites aimed at Russian-speaking people, and adp.com, which is a payroll service provider.

For most of the attacks (96.66%), the command and control center for the botnet resolved to the Netherlands.

What I find very alarming is that even though this happens all the time, people don’t change their habits. What I mean is people are still using very simple passwords for these extremely large and popular social networking sites (or anywhere for that matter). Here is the breakdown of the Top 10 passwords found during this attack.

1) ‘123456’ used on 15,820 accounts
2) ‘123456789’ used on 4,875 accounts
3) ‘1234’ used on 3,135 accounts
4) ‘password’ used on 2,212 accounts
5) ‘12345’ used on 2,094 accounts
6) ‘admin’ used on 1,991 accounts
7) ‘123’ used on 1,453 accounts
8) ‘1’ used on 1,224 accounts
9) ‘1234567’ used on 1,170 accounts
10) ‘111111’ used on 1,046 accounts

While it remains true that malware (Pony Botnet) was used to compromise these accounts, it would not technically matter if your password was ‘123abc’ or ‘AhsadfS9903!!6jhsgdh!’; you still would have lost it. But this is a reflection of a broad problem.

I will be posting some information regarding information sharing in some upcoming blogs.