Trustwave, a U.S.-based security firm, has tracked a massive breach of about 2 million usernames and passwords on a server in the Netherlands. The breach affected accounts from Facebook, Gmail, LinkedIn, Twitter and Yahoo.
According to Trustwave, the most popular stolen passwords were those rated as "weak." Only about 5% of the compromised accounts had passwords rated "excellent," with eight or more characters. At the top of the list was "123456."
"Unfortunately, there were more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between the medium category," Trustwave said in a blog post.
The attack was widespread, reaching over 100 countries.
How Did the Attack Happen?
"Innocent users' computers had become infected with malware, which grabbed login details as they were entered by users," Graham Cluley, an independent security researcher, said on his blog.
The login details were to be transmitted to the hackers, who could then access the accounts themselves or sell the details to other online criminals.
Serge Malenkovich of Kaspersky said the problem will become even worse when the same password is re-used for multiple online accounts.
"As password theft happens more often, this habit [re-using passwords] has become even more dangerous, especially if you consider that your daily routine now includes persistent access to financial transactions - from classical online banking to fund transfers using Gmail attachments. That's why a seemingly innocent Twitter password theft might eventually lead to the loss of real money," Malenkovich noted.
Following the password-heist incident, various security researchers warned that protection against hackers should be strengthened.