News | News

Hackers steal millions of passwords from social media users

December 4, 2013 5:33 pm

Google login (file)

Someone has stolen more than two million passwords from users of Facebook, Google, Twitter, Yahoo and others and posted the sensitive information online, according to security firm Trustwave.

The firm recently discovered the data had been posted to a website written in Russian.

Yet, experts tell KTVU that individual users around the world, not the social media sites, were the actual targets of malicious software known as “malware.”

“It’s just really to do with their popularity. It’s nothing to do with the inherent security of the sites themselves,” said Internet security expert, Ken Baylor.

Baylor has served as chief security officer for several companies and says he’s very familiar with the malware used to collect the sensitive data. It allows hackers to record every keystroke of infected users.

“Every time you log into your bank, every time you log into Facebook, every time you log into Google… everything is written down and then sent off to a server,” said Baylor.

Experts warn the biggest mistake is password reuse, or repeatedly relying on the same password across several accounts.

Facebook told KTVU it has reset the passwords of any users who were compromised.

In a statement, a Facebook spokesperson wrote:

“Facebook takes people’s information security extremely seriously and we work hard to protect it. While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their web browsers.”

Google pointed users to the following on-line resources for protecting their passwords: