Skip to main content

Hackers stole 2M Facebook, Twitter, and Google passwords – here’s how to stay safe

123456 remains the worlds most used and worst password
JMik/Shutterstock

“Criminal botnet” sounds like something from a forgotten sci-fi serial from the 1970s, but turns out they’re real, and they’ll steal your passwords.

A botnet called Pony recently stole 2 million passwords for major online destinations like Facebook, Yahoo, Google, and Twitter, as well as payroll service Automated Data Processing. The security research team at Trustwave’s Spiderlabs discovered the massive data heist this week and outlined how the botnet works its dirty magic on their blog

Recommended Videos

The passwords were welched off devices infected with malware that gave something called the Pony Botnet Controller access to information. This version of Pony rounds up passwords with frightening efficiency; even more disturbingly, since it has successfully obtained information from a large payroll company, this criminal hack could have immediate financial repercussions for people impacted. Yikes. 

There’s no way to make your information absolutely 100 percent safe, because the collectives behind this sort of attack tend to be pretty smart at inventing new ways to get at our personal information. But there are a few steps you can take to avoid falling prey to this kind of hack. 

First, assess the situation. 

Find out if you were one of the unlucky victims at HaveIBeenPwned – the site lets you enter as many email accounts as you want and will tell you if you’ve been hacked. It might even give some follow up information about what particular security breach was responsible. If any of your accounts turn up a warning, you’d best go change that password immediately. 

Don’t choose an obvious, simple password. 

You’d think people would know by now not to use passwords like “123456” but I guess not. This kind of “chocolate teapot” password (meaning: they’re completely useless) was the most commonly stolen. Other commonly stolen passwords: 123456789, 1111111, and “admin.” Just get more creative (your birthday and name aren’t recommended, either). Setting a longer password seems like too simple a solution, but most of the passwords stolen were just that — too simple. Pony Botnet Password Chart

For Facebook, take advantage of additional security. 

Facebook told the BBC that people could safeguard their passwords by activating Login Approvals and Login Notifications in their security settings. Turning the Login Notifications on will alert you anytime someone attempts to sign in from an unknown location, and using Login Approval will generate a unique password that gets sent to your mobile phone — and both security measures could keep your Facebook information out of the hands of botnets. 

This isn’t the first time a widespread security breach has happened. This is on a notably large scale, yes, but passwords get stolen all the time. The best thing you can do is come up with a complicated, long, unique password that won’t be easy to guess, and take the time to set your security settings to notify you when unusual activity occurs. 

Kate Knibbs
Former Digital Trends Contributor
Kate Knibbs is a writer from Chicago. She is very happy that her borderline-unhealthy Internet habits are rewarded with a…
How to get verified on Instagram Threads
A verified account on Instagram Threads.

Like Twitter and Instagram, Instagram Threads allows users to become verified to confirm their identities and access some exclusive features. Similar to Twitter's verification process, you'll need to pay a monthly fee to be verified on Threads, so keep that price in mind as you get your verified Threads account set up.

So, without further ado, here's how to get verified on Instagram Threads in a few straightforward steps.

Read more
How to remove location data from your iPhone photos
How to transfer photos from an iPhone to an iPhone

We all love making memories, and a great way to collect those memories is to take a quick snap of a gorgeous landscape, a party in full swing, or a particularly incredible meal. The Apple iPhone now also adds a location to your pictures, meaning it can collate those images together into a location-themed album, or show you all the shots you've taken in a specific location. It's a fun little addition, and it's one that adds a lot of personality to the Photos app.

Read more
‘Photoshopped’ royal photo causes a stir
The Princess of Wales with her children.

[UPDATE: In a message posted on social media on Monday morning, Princess Kate said that she herself edited the image, and apologized for the fuss that the picture had caused. “Like many amateur photographers, I do occasionally experiment with editing," she wrote, adding, "I wanted to express my apologies for any confusion the family photograph we shared yesterday caused."]

Major press agencies have pulled a photo of the U.K.’s Princess of Wales and her children amid concerns that it has been digitally manipulated.

Read more