Hackers Stole 2M Facebook, Google Passwords: How to Protect Your Accounts

The computer security firm Trustwave suspects the malware program 'Pony.'

ByABC News

December 5, 2013, 11:09 AM

Dec. 5, 2013 -- Any time you logged into Facebook, Google, Twitter, or a host of other popular web services the past month, there may have been a hacker peering over your digital shoulder, sneaking a peek at your password.

The information security company Trustwave has revealed that the passwords to 2 million different accounts have been compromised. The malware program Pony forwarded the vast majority of the passwords to a central server in the Netherlands.

John Miller, security research manager at Trustwave, said that the hack wasn't due to a flaw in any of those company's servers. "It was the individual users' computers that had the malware installed on their machine," he told ABC News. He adds that the unnamed hackers were most likely motivated by profit. "These passwords were never publicly posted. We can't say for sure, but [the hackers] were probably going to sell them."

9 Things You Need to Do When Your Email is Hacked

Many of the services whose users were affected have already taken action. "They may not necessarily inform users with an email," said Miller. However, he adds that affected users will be asked to reset their password after logging into their account.

Trustwave analyzed the passwords that were compromised in the hack and saw some of the trends usually associated with bad password security. The most common password was 123456. In addition, nearly half of all passwords used a single character type, such as all lowercase letters or all numbers.

7 Countries That Hack Us Every Day

"For a better password, we recommend a mix of uppercase, lowercase, numbers, and special characters," said Miller. "We also recommend using longer passwords of 16 or more characters, as well as using different passwords on different websites."

But even the most secure password wouldn't have been safe from the Pony malware. To that end, Miller said to practice good browsing habits. "Keep your anti-virus software up to date and make sure your browsers are updated and patched to the latest version," he said.

And above all, don't click that suspicious looking link in your email. "Pony is sent through spam links," said Miller.

Top Stories

House Democrats help Johnson avoid foreign aid bills defeat, despite GOP defections

Apr 19, 12:36 PM

Trump hush money trial: Judge sets opening statements for Monday

Apr 19, 5:15 PM

New York AG asks court to reject Trump's $175M bond for civil judgment

Apr 19, 9:12 PM

Nothing to see here: US, Israel go radio silent on strike against Iran

Apr 19, 2:32 PM

Savannah Chrisley talks about the fate of her parents Todd and Julie

Apr 19, 6:48 PM

ABC News Live

ABC News Live

24/7 coverage of breaking news and live events