2 Million Passwords of Facebook, Gmail and Twitter Stolen Via Massive Hack

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week. The details had probably been uploaded by a criminal gang, security experts said. It is not known how old the details are - but the experts warned that even out-dated information posed a risk.

Researchers with Trustwave's SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cyber criminals use to control a massive network of compromised computers known as the "Pony botnet."

The data includes more than 326,000 Facebook Inc accounts, some 60,000 Google Inc accounts, more than 59,000 Yahoo Inc accounts and nearly 22,000 Twitter Inc accounts, according to SpiderLabs. Victims' were from the United States, Germany, Singapore and Thailand, among other countries.

A botnet is a network of machines controlled by criminals thanks to malicious software being installed on to computers without the owner's knowledge.

The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers. The hackers set up the keylogging software to rout information through a proxy server, so it's impossible to track down which computers are infected. Among the compromised data are 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network used when transferring big files) and 6,000 remote log-ins.

Want to know whether your computer is infected? Just searching programs and files won't be enough, because the virus running in the background is hidden. Your best bet is to update your antivirus software and download the latest patches for Internet browsers, Adobe and Java. People also can help protect themselves when using Facebook by activating Login Approvals and Login Notifications in their security settings. They will be notified when anyone tries to access their account from an unrecognized browser and new logins will require a unique passcode generated on their mobile phone.

An analysis posted on the SpiderLabs blog showed that the most-common password in the set was "123456," which was used in nearly 16,000 accounts. Other commonly used credentials included "password," "admin," "123" and "1."

The social network said all of the users found in the database had been put through a password reset process.