Why Two Million Social Media Accounts Were Hacked

Researchers at Trustwave Spiderlabs uncovered a widespread hack on social media accounts. The evidence points to the use of weak passwords.

With all the fear about having your social media accounts hacked, and networks implementing stronger security protocols, you’d think people would get smarter about choosing their passwords. Unfortunately, this is not the case.

Case in point, researchers from security firm Trustwave Spiderlabs uncovered a huge hacking database that stole usernames and password data from two million users. The majority of the credentials were from social media accounts, with 57 percent of them coming from Facebook.

The researchers found the information on a server in the Netherlands, with a lot of the info coming from Dutch, Thai, German, Indonesian and Singaporean accounts. US accounts represented just 0.1 percent of the hack.

The server storing this information was likely only a proxy server created to protect the main system that was the source of the attacks. While the exact method of obtaining the credentials is unclear, keylogger software, malware or widespread phishing are the likely culprits.

As with some other hacking discoveries, the data shows just how lazy some people can be can be when they are creating their passwords. If there’s any question about how this hack attack occurred, we might ask the nearly 16,000 people who chose the password “123456.” Or how about the 2,212 geniuses that chose the uncrackable password – “password.”

Spiderlabs also took the liberty of ranking the treasure trove of passwords from ‘excellent’ to ‘terrible.’ Only six percent of passwords were ranked ‘terrible,’ but only 19 percent ranked as ‘good’ or ‘excellent.’

Every password we choose may not be atrocious, there is certainly a long way to go for social media users until we’re free from the weaknesses of passwords like ‘123456.’

Image credit: xkcd

Publish date: December 5, 2013 https://dev.adweek.com/digital/why-two-million-social-media-accounts-were-hacked/ © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT