Two Million Passwords Hacked

Over two million passwords were hacked in the last two months. Chicago based Trustware reports that 320,000 e-mail passwords and 1.58 million website passwords were stolen in the massive breach. A majority of the passwords were tied to social media accounts including Facebook, Twitter, and LinkedIn. The breach also included Google, Yahoo, and ADP, which is a payroll service provider.

A Trustware spokesman said the breach began in October. Although there is no evidence that the passwords were used to log into the accounts, security research manager John Miller expects they were.

As reported by KSDK News, a majority of the passwords were hacked from accounts originating in the Netherlands. However, accounts in Germany, Indonesia, Singapore, Thailand, the United States, and more than 90 other countries were included in the attack.

The passwords were hacked using malicious software, which was installed on millions of computers. The software reportedly forwarded the login information to a server located in the Netherlands.

In the process of investigation, Trustware found that many users’ passwords are simply too easy to hack. The most commonly used passwords are 1234, 12345, 123456, and 123456789.

Strong passwords contain eight or more characters. Trustware also recommends avoiding common words or phrases. Passwords that use a diverse combination of letters, numbers, and symbols are recommended.

Fox News reports that many sites have added security questions to retrieve forgotten passwords. However, answers to the questions are often easy to guess or look up. Trustware also recommends using a combination of letters and numbers to answer security questions.

Security officials with ADP, Facebook, LinkedIn, and Twitter notified users about the breach and prompted them to reset their passwords. Officials with Google and Yahoo have not commented about the breach.

Trustware is a company that identifies and reduces data security risks. The cybersecurity firm discovered the hackers’ server on November 24. The data includes passwords hacked from nearly 100,000 different websites.

[Image via Shutterstock]