Trustwave security researchers have discovered a trove of two million passwords that have been pilfered from a multitude of social networking sites and other web services and then dumped online. Unsurprisingly, most of the compromised logins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter and LinkedIn.
According to a blog published by Trustware more than 1.5 million of the login credentials are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, and 54,437 for Google, and 21,708 for Twitter. Credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells were also found in the trove.
It is suspect that the login details were obtained from computers infected with a rogue key-logger that transmitted the data to cybercriminals. The malicious software captured key presses from innocent victims as they unknowingly logged into their social media accounts.
As, with all security breaches, the quality of passwords used becomes a hot topic. Once again lessons have not been learnt from the recent exposure of poor password choices in the Adobe, vBulletin and Github breaches with the usual choices topping the list again : “123456″ , “123456789”, “1234″ and “password.”
The key lessons to learn from the aforementioned security breaches are to use strong, complex passwords that are unique for each account you use.
A secure password is always recommended but in this circumstance it would still be captured and your account would be compromised. However, it is possible to avoid such a security breach by using a password management system that will not only allow you to create unique, complex password but also bypass key-loggers.
my1login is a cloud based password manager that will improve your online security. my1login resolves the problem of remembering multiple logins, passwords and PINS by providing a safe way of accessing them via a highly secure personal portal.
my1login also mitigates against key loggers. Users can sign into web services without having to type their password to log into sites. my1login 2 step authentication to grant access to user accounts. Users create a secure phrase that encrypts all their logins within their browser before being sent over the internet and stored, and since their secure phrase is not stored, even my1login are unable to read these details. Users are then select characters from their passwords using dropdowns, like banking services. This process mitigates against this form of attack and increases your general online security.