2-M web accounts compromised in massive hack

MANILA, Philippines – Nearly two million usernames and passwords from Facebook, Twitter and Gmail have been stolen by a massive hack this week, a report said.

According to researchers from cybersecurity firm Trustwave, the massive data infringement was a result of key logging software maliciously installed on an untold number of computers around the world.

Trustwave added that the virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

Researchers discovered compromised credentials over 93,000 websites including Facebook, Twitter, Gmail, Yahoo, YouTube, Google+, ADP, and Linkedln.

Trustwave said the server was located in the Netherlands.

Trustwave already posted their findings publicly and had already notified companies included in the massive hack.

“We don’t have evidence they logged into these accounts, but they probably did,” said John Miller, a Security Research Manager at Trustwave.

Facebook, Twitter, Linkedln, and ADP on a report said they have already notified and reset passwords for compromised users.

The hacking campaign, according to Miller, started secretly collecting passwords on Oct. 21, and it might be still ongoing. He added that although Trustwave discovered The Netherlands proxy server, there are still several other similar servers that they haven’t tracked down yet.

Related stories

Online sharing helps hackers sharpen ‘spears’

Tech Tips: Guide to protecting Internet accounts