NT - 2 million passwords to popular internet sites were leaked

[jklcpa]

If you haven't seen this article yet: http://www.nbcnews.com/technology/2-million-stolen-passwords-facebook-twitter-google-yahoo-others-leaked-2D11691630

2 million stolen passwords for Facebook, Twitter, Google, Yahoo and others leaked online

More than 2 million passwords for some of the most popular spots on the Internet — including Facebook, Twitter and Google — are now a matter of public record, according to a fresh report from SpiderLabs, a research arm from security firm Trustwave.

SpiderLabs says it uncovered the bounty of potentially valuable (and often ridiculously simple) log-ins during its latest Internet sweep for the Pony botnet controller, a malware-spreading set of programs which the researchers say they're increasingly encountering online. This means the passwords were not leaked by Facebook and the like, but from thousands of infected computers that collected the data when users logged onto their accounts.

Whether or not the passwords are current or out-dated is unknown, but the attack appears to be "fairly global," SpiderLabs reports. "At least some of the victims are scattered all over the world." What's more, many of the passwords were fairly simple, with that old chestnut "123456" topping the list as the password for 15,820 accounts. ("12346789" came in at number two with 4,875 instances.) This could mean extra bad things the 30 to 40 percent of Internet users who use the same password on multiple accounts — say Facebook ... and their bank account.

"Facebook takes people’s information security extremely seriously and we work hard to protect it," a Facebook spokesperson said in a statement. "While details of this case are not yet clear, it appears that people’s computers may have been attacked by hackers using malware to scrape information directly from their Web browsers."

Facebook's recommendation is to engage the site's two-factor authentication, which requires a passcode from your phone as well as your standard password. Twitter, Yahoo, Google and others also have an option like this, so it helps to look into the settings of all of your major Internet services.

But hey, it's always a good day to change your password, too.

Helen A.S. Popkin is Deputy of Technology & Science editor for NBCNews.com. Join her, won't you on Twitter and /or Facebook.

[Guest Taxed]

I know people always complain that they are forced to change passwords frequently or use special characters, no repeats etc. It is a pain but there is a reason why?

[MAMalody]

The article I read indicated only about 2000 were in the US. I hope that is the case. Again it demonstrates the necessity of website security and vigilance.

[Guest Taxed]

People, before you bash Obamacare website for security, tell me how many times has it been hacked and how much data was stolen?

Do you know that the signup data which has no bank or medical records is purged after enrollment is successful.

That data is moved to other Govt servers already in place and following Federal security guidelines.

So before you scare other people, look for actual facts first.

[Jack from Ohio]

A true serious hacker will not be discovered for months. The security flaws have been identified by experts. it is only a matter of time.

[MAMalody]

People, before you bash Obamacare website for security, tell me how many times has it been hacked and how much data was stolen?

Do you know that the signup data which has no bank or medical records is purged after enrollment is successful.

That data is moved to other Govt servers already in place and following Federal security guidelines.

So before you scare other people, look for actual facts first.

That's right. The government will tell us right away that the website is hacked and those that hack it (illegally, I suspect) will be right up there confessing to their illegal act.

I do understand the purge issue, however, with the "back end" not completed yet, the question remains when will the purging take place...one, two, three months or more down the road.

I am looking for facts but am not sure that I see any hard data in your posting. (For that matter, mine is also supposition.)

[Guest Taxed]

If you don't want to be hacked or tracked, the only solution is to give up electronic communicating devices and live in a cave!

When you want to communicate use smoke signals!

[MAMalody]

Missed the point.

[jklcpa]

You missed a few...

Jack, I didn't delete your post, I thought you deleted it yourself. Now this thread has several posts follow up posts that reference the gov't healthcare site that now seem to come out of the blue.

Anyway, we have topics over in the politics section on the ACA where that site's bashing is going on. This topic was supposed to be about the password hacking done on the social media sites.

[kcjenkins]

I've found LastPass to be a good solution, just be SURE you don't forget your master password for LastPass itself.