k_Street Consulting, LLC Blog
2 Million Stolen Passwords Recovered
Security company Trustwave made a discovery last week that sent the online world into a frenzy. They recovered two million stolen passwords from 93,000 different websites. This password cache included user accounts from major companies like Facebook, LinkedIn, Google, Twitter, and Yahoo. Is your password part of this haul?
These passwords were found inside a server in the Netherlands and the scam appears to be the work of a password collecting botnet called "Pony." Utilizing email phishing scams, the major hacking operation spanned the globe and netted passwords from more than 100 countries. This scam appears to have been in operation since October and security experts believe that it remains active.
Upon making the significant discovery, Trustwave immediately notified each company affected by the security breach. The affected companies then took action and immediately reset the passwords of their affected users and notified them that their account had been compromised.
The site with the most stolen passwords was Facebook with 300,000. The breached website that put businesses most at risk is the popular payroll management app ADP which had 8,000 accounts compromised. A spokesperson from ADP commented on the breach and said, "To our knowledge, none of ADP's clients has been adversely affected by the compromised credentials."
Are Your Passwords Safe?
This news story may make you want to panic, but before you do, understand that unless you received a notification from your online service about the breach, then your account is likely safe.
If you were hacked, then your service provider would have automatically reset your password for you. The hacked users most at risk would be the ones that use a single password across multiple accounts. Therefore, if you were one of the two million victims out there, and you use the same password for your many accounts, then you will want to stop what you're doing and change the passwords for all of your accounts right now, and while you're at it, be on lookout for fraudulent charges.
You can minimize the risk from attacks like this by properly managing your online passwords and accounts. Here are a few tips that will protect you from phishing scams like the Pony botnet.
- Use Complex Passwords: Never use a password that's easy to guess. Instead, use one with random letters, numbers, and characters.
- Be Mindful of Phishing Scams: An email phishing scam will use deceptive messages in an effort to trick you into downloading a virus. Be sure to know what a phishing scam looks like. You will also want to train every employee using your company's network on how to spot an online threat.
- Update Your Software: Running updated software will help keep you protected from the latest known security threats.
- Use Two-Factor Authentication: Many online services like Google and Facebook offer more protections than just a single password. By taking advantage of two-factor authentication, you can add a second level of security to your account. The most common form of two-factor authentication uses SMS messaging to text you a unique code granting you access to your account. This is in addition to your password.
- Cycle Out Your Passwords: You should make it a habit to change your passwords every few months. This way, if your password is stolen and it happens to be an old one, then your account will be safe.
All of these security tips will go a long way in protecting your data. One of the biggest things you can do keep your business safe from online scams like this is to install a Unified Threat Management (UTM) tool for your network. k_Street Consulting, LLC can install a UTM for you that's designed to fit the unique needs of your business. A UTM can provide your organization services like content filtering and a strong firewall to help protect you from the worst on the web. To learn more about password management and UTM, give us a call at (202) 640-2737.
Comments