The great password theft: Where next for social media users?

Social media and online security haven’t exactly made great bedfellows of late. Anxiety from users over where their data is being shared, who is seeing it and how secure their accounts actually are, has heightened in recent weeks. The latest news about the theft of over two million passwords for Facebook, Twitter and LinkedIn accounts worldwide hasn’t exactly helped matters.

Cybercriminals behind the infamous Pony botnet, which has already compromised the security of thousands of computers worldwide, had managed to steal a multitude of passwords and other login credentials for social sites the world over and post them online. Although the reach of this attack has been global, over 96% of IP addressed affected were registered in the Netherlands.

Global scale
Although the sites most affected by the botnet were Facebook, Twitter, Yahoo and LinkedIn, other sites with more local and regional followings were compromised. Users of vk.com, one of the most popular social networks in Russia, found that their passwords had been taken and changed by those behind Pony. The attack saw a consistent number of passwords taken on a daily basis.

The botnet had managed to work by infecting unprotected devices with malware that came in the form of keylogger software. This then enabled the botnet to take passwords as they were being typed in, meaning that passwords were changed to help make logging in impossible for those affected. There was a common theme for most of the passwords stolen – simplicity.

Pushing the wrong buttons
Some prime examples of passwords stolen and published by the team of hackers behind Pony included ‘password’, ‘1234’, ‘123456’ and ‘1’. All of those make it easier for keylogging software to do its job and send out information to the botnet operators, stressing the importance of making passwords a little more complicated, but is that sufficient enough to guard against infection?

According to Andrew Mason, security expert for RandomStorm, the use of an endpoint security system should be the best possible way to help block out any threat of password theft.

“This just goes to show about the importance of endpoint security combined with a strong password. Even the strongest password is worthless if the endpoint it is being used on is either untrusted or trusted but insecure allowing a bonnet such as Pony to be run on it and the subsequent password key logger”, he said.

“Once the key logger is installed it is very easy to harvest usernames and passwords for whatever the user types in during the course of their normal day. By ensuring proper endpoint security and at a minimum patching and up to date AV deployment these types of attacks can be totally eliminated.

“The second area of concern from the article is the use of weak passwords. Again, without a strong password it makes the job of a hacker so much easier being able to use an automated tool to crack many passwords per second”, added Mr Mason.

INFOtainment News
Contributing authors to the INFOtainment News team. Let us know if you'd like to contribute as well.

More from author

Leave a Reply!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related posts

Advertisment

Categories

Latest posts

6 Stylish Watches From The Hublot Classic Fusion Series To Add To Your Collection

Hublot was founded in 1980 and is a Swiss luxury watch company built by an Italian entrepreneur, Carlo Crocco. The Hublot brand...

Protecting Your Business At All Costs Must Be Priority Number 1

Your business and making sure that it is protected should always be your number one priority. There is no reason that you...

What are Some Ideal Add-on Choices for Kodi Sports?

You can see that people are more enthusiastic about live streaming of content than watching the conventional TV channels filled with...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!