Skip to main content

Hackers stole 2M Facebook, Twitter, and Google passwords – here’s how to stay safe

“Criminal botnet” sounds like something from a forgotten sci-fi serial from the 1970s, but turns out they’re real, and they’ll steal your passwords.

A botnet called Pony recently stole 2 million passwords for major online destinations like Facebook, Yahoo, Google, and Twitter, as well as payroll service Automated Data Processing. The security research team at Trustwave’s Spiderlabs discovered the massive data heist this week and outlined how the botnet works its dirty magic on their blog

Recommended Videos

The passwords were welched off devices infected with malware that gave something called the Pony Botnet Controller access to information. This version of Pony rounds up passwords with frightening efficiency; even more disturbingly, since it has successfully obtained information from a large payroll company, this criminal hack could have immediate financial repercussions for people impacted. Yikes. 

There’s no way to make your information absolutely 100 percent safe, because the collectives behind this sort of attack tend to be pretty smart at inventing new ways to get at our personal information. But there are a few steps you can take to avoid falling prey to this kind of hack. 

First, assess the situation. 

Find out if you were one of the unlucky victims at HaveIBeenPwned – the site lets you enter as many email accounts as you want and will tell you if you’ve been hacked. It might even give some follow up information about what particular security breach was responsible. If any of your accounts turn up a warning, you’d best go change that password immediately. 

Don’t choose an obvious, simple password. 

You’d think people would know by now not to use passwords like “123456” but I guess not. This kind of “chocolate teapot” password (meaning: they’re completely useless) was the most commonly stolen. Other commonly stolen passwords: 123456789, 1111111, and “admin.” Just get more creative (your birthday and name aren’t recommended, either). Setting a longer password seems like too simple a solution, but most of the passwords stolen were just that — too simple. Pony Botnet Password Chart

For Facebook, take advantage of additional security. 

Facebook told the BBC that people could safeguard their passwords by activating Login Approvals and Login Notifications in their security settings. Turning the Login Notifications on will alert you anytime someone attempts to sign in from an unknown location, and using Login Approval will generate a unique password that gets sent to your mobile phone — and both security measures could keep your Facebook information out of the hands of botnets. 

This isn’t the first time a widespread security breach has happened. This is on a notably large scale, yes, but passwords get stolen all the time. The best thing you can do is come up with a complicated, long, unique password that won’t be easy to guess, and take the time to set your security settings to notify you when unusual activity occurs. 

Kate Knibbs
Former Contributor
Kate Knibbs is a writer from Chicago. She is very happy that her borderline-unhealthy Internet habits are rewarded with a…
Bluesky finally adds a feature many had been waiting for
A blue sky with clouds.

Bluesky has been making a lot of progress in recent months by simplifying the process to sign up while at the same time rolling out a steady stream of new features.

As part of those continuing efforts, the social media app has just announced that users can now send direct messages (DMs).

Read more
Reddit just achieved something for the first time in its 20-year history
The Reddit logo.

Reddit’s on a roll. The social media platform has just turned a profit for the first time in its 20-year history, and now boasts a record 97.2 million daily active users, marking a year-over-year increase of 47%. A few times during the quarter, the figure topped 100 million, which Reddit CEO and co-founder Steve Huffman said in a letter to shareholders had been a “long-standing milestone” for the site.

The company, which went public in March, announced the news in its third-quarter earnings results on Tuesday.

Read more
Worried about the TikTok ban? This is how it might look on your phone
TikTok splash screen on an Android phone.

The US Supreme Court has decided to uphold a law that would see TikTok banned in the country on January 19. Now, the platform has issued an official statement, confirming that it will indeed shut down unless it gets some emergency relief from the outgoing president.

“Unless the Biden Administration immediately provides a definitive statement to satisfy the most critical service providers assuring non-enforcement, unfortunately TikTok will be forced to go dark on January 19,” said the company soon after the court’s verdict.
So, what does going dark mean?
So, far, there is no official statement on what exactly TikTok means by “going dark.” There is a lot of speculation out there on how exactly the app or website will look once TikTok shutters in the US.

Read more