Security researchers at the Chicago-based firm Trustwave have identified a massive theft of passwords that scooped up the usernames and passwords for some of the most popular sites on the Web, including Facebook and Google. The theft was done by means of malicious software called Pony, which the firm estimates allowed thieves to take the credentials for approximately 2 million accounts.
Pony is a botnet, which can capture passwords by logging the keys that Web users type. Trustwave has been tracking the software for several months, and estimates it collects tens of thousands — sometimes hundreds of thousands — of passwords from Web sites, e-mail providers and other accounts each day.
In a blog post Tuesday, researcher Daniel Chechik said that while he expected to see popular Web sites such as Facebook, Google, Yahoo, Twitter and LinkedIn as targets for the bot, he was concerned to see payroll provider ADP on the list.
"Facebook accounts are a nice catch for cyber criminals, but payroll services accounts could actually have direct financial repercussions," he noted.
In a statement Wednesday, ADP said that it is aware of the botnet and had determined none of its internal networks or servers have been compromised.
"To our knowledge, none of ADP's clients has been adversely affected by the compromised credentials," the company said.
The firm did say, however, that out of an "abundance of caution" it is requiring a password reset for around 2,400 of its clients who were affected by the attack.
Google declined to comment. Twitter confirmed that it has been in touch with the researchers and reset affected users' passwords. Yahoo, Facebook and LinkedIn did not immediately respond to a request for comment.
The server running the attack appears to be located in the Netherlands, Chechik wrote. The attack, Trustwave said, appears to be fairly global and doesn't seem to be heavily targeting any particular country. Chechik noted, however, that there does appear to be a higher-than-expected number of Russian language sites affected.
via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNFSDhaaBji-CvFp_EhjYGRciCcapQ&url=http://www.washingtonpost.com/business/technology/google-facebook-payroll-accounts-targeted-in-major-password-theft-security-experts-say/2013/12/05/011a4fd8-5db6-11e3-bc56-c6ca94801fac_story.html