A hacker has stolen more than 2 million passwords for users of various services including Facebook, Gmail, Twitter, Yahoo, and LinkedIn, according to the security firm Trustwave.
The attack targeted users' computers in over 92 countries, using keylogging software to record logins and passwords as they were typed. The companies have been alerted and have reset the passwords of various users.
The keylogger tool was a version of the Pony botnet controller, a malicious piece of software that has been proliferating since its source code was published. The botnet controller is mainly being used to steal passwords, according to Trustwave researchers.
Avoid using “password” or “123456” in your password
A look at the passwords shows a keylogger may have been overkill, however. Trustwave reports that the most common passwords were “123456,” “123456789,” “1234,” and “password.”