An InfoSec company TrustWave has reported that unknown hackers have stolen usernames and passwords of two million accounts at Google, Facebook, Twitter, Yahoo and others high profile companies.
The company revealed that hack was a result of a keylogging software installed maliciously on unknown but thousands of personal computers around the globe. The installed malware took screenshots and recorded every keystroke of log-in credentials while users logged into websites like Facebook, Gmail, Twitter and many other key sites over the past month.
Logs from those affected computers were then sent to a server located in the Netherlands, controlled by unknown hackers. TrustWave reported that total 93,000 websites were targeted.
A screenshot of some major targeted sites with total number of compromised accounts:
The company has posted full review of the breach here on Tuesday, after notifying the affected company about the breach.
John Miller, a security researcher at TrustWave said that:
“We don’t have evidence they logged into these accounts, but they probably did.”
Google has declined to comment on the issue, while Yahoo was not available to reply. ADP, Facebook, Twitter and LinkedIn claims to already notify and reset passwords.
Meanwhile TrustWave is not sure how the virus was installed on so many computers around the world. It is also not sure if the virus is still active and compromising user credentials. However, it will be impossible to track hackers as they were routing information through a proxy server.
This is not the first time when high profile websites have their users compromised. Yahoo has a history of poor security when in July 2012 435,000 Yahoo Accounts and on February 2013, Telecom NZ ‘s 80,000 Yahoo Xtra Email accounts were hacked and leaked.