SpiderLabs, a security team that’s part of the security company Trustwave, reports that they have found over 2 million stolen credentials available for sale on the Internet.
Included in the massive collection are credentials from the payroll provider ADP, Facebook, Google, Yahoo, Twitter, and LinkedIn. Most appear to have been stolen with a piece of malware that searches systems for likely-looking stored accounts and passwords, watches browser activity, and records logins as they occur. The captured info is then sent off to the bad guys for cleanup and ultimate sale.
The most common password? 123456
The malware causing all this havoc would be stopped by keeping computers and browsers patched and up to date, and of course keeping anti-virus software updated.
If you’re concerned about any of the above accounts you use, this might be a good time to change those passwords.
Keep your organization’s and personal computers updated, and please ask your users to come up with passwords that at least make it a bit harder for the thieves. A good guideline is to use at least 8 characters, a mixture of uppercase and lowercase, and some symbols mixed in.