2 million stolen passwords for Facebook, Twitter, Google, Yahoo and others leaked online

Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe.
Researchers with Trustwave’s SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers known as the “Pony botnet.”

The company said that it has reported its findings to the largest of more than 90,000 websites and internet service providers whose customers’ credentials it had found on the server.

The data includes more than 326,000 Facebook accounts, some 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Victims were from the United States, Germany, Singapore and Thailand, among other countries.

Representatives for Facebook and Twitter said the companies have reset the passwords of affected users. A Google spokeswoman declined comment. Yahoo representatives could not be reached.

SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down the Pony botnet server.

An analysis posted on the SpiderLabs blog showed that the most common password in the set was “123456,” which was used in nearly 16,000 accounts. Other commonly used credentials included “password,” “admin,” “123” and “1.”

Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.

“People are using very dumb passwords. They are totally useless,” he said.

Khalil Shreateh, who exposed Facebook bug, to get reward from unexpected source

A man who hacked into Mark Zuckerberg’s Facebook page to expose a software bug is getting donations from hackers around the world after the company declined to pay him under a program that normally rewards people who report flaws.

Khalil Shreateh discovered and reported the flaw but was initially dismissed by the company’s security team. He then posted a message on the billionaire’s wall to prove the bug’s existence.

Now, Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust, is trying to mobilize fellow hackers to raise a $10,000 reward for Shreateh after Facebook refused to compensate him.

Maiffret, a high school dropout and self-taught hacker, said on Tuesday he has raised about $9,000 so far, including the $2,000 he initially contributed.

He and other hackers say Facebook unfairly denied Shreateh, a Palestinian, a payment under its “Bug Bounty” program. It doles out at least $500 to individuals who bring software bugs to the company’s attention.

“He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken,” Maiffret said. “It’s something that might help him out in a big way.”

Shreateh uncovered the flaw on the company’s website that allows members to post messages on the wall of any other user, including Zuckerberg’s. He tried to submit the bug for review but the website’s security team did not accept his report.

He then posted a message to Zuckerberg himself on the chief executive officer’s private account, saying he was having trouble getting his team’s attention.

“Sorry for breaking your privacy,” Shreateh said in the post.

The bug was quickly fixed and Facebook issued an apology on Monday for having been “too hasty and dismissive” with Shreateh’s report. But it has not paid him a bounty.

“We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users,” chief security officer Joe Sullivan said in a blog post.

He said Facebook has paid out more than $1 million under that program to researchers who followed its rules.

Mark Zuckerberg’s Facebook Account Hacked

A Palestinian programmer has highlighted a flaw in Facebook’s security system by posting a message on Mark Zuckerberg’s private page.

Khalil Shreateh used a vulnerability he discovered to hack the account of the Facebook founder and raise the alarm.

Mr Shreateh said he had tried to use Facebook’s White Hat scheme, which offers a monetary reward for reporting vulnerabilities, but had been ignored.

A screenshot of the message left on Mark Zuckerberg's wall

Facebook said it had fixed the fault but would not be paying Mr Shreateh.

Mr Shreateh found a security breach that allowed Facebook users to post messages on the private “walls” of people who had not approved them as “friends”, overriding the site’s privacy features.

‘Not a bug’

He wrote to Facebook’s White Hat team to warn them of the glitch, providing basic details of his discovery.

After a short exchange with the team, Mr Shreateh received an email saying: “I am sorry this is not a bug”.

Following this rebuttal, Mr Shreateh exploited the bug to post a message on Mr Zuckerberg’s page.

In the post, Mr Shreateh, whose first language is Arabic, said he was “sorry for breaking your privacy and post to your wall” but that he had “no other choice” after being ignored by Facebook’s security team.

An engineer on Facebook’s security team, Matt Jones, posted a public explanation saying that although Mr Shreateh’s original email should have been followed up, the way he had reported the bug had violated the site’s “responsible disclosure policy”.

He added that as Mr Shreateh had highlighted the bug “using the accounts of real people without their permission”, he would not qualify for a payout.

Facebook admits year-long data breach exposed 6 million users

SAN FRANCISCO (Reuters) - Facebook Inc has inadvertently exposed 6 million users’ phone numbers and email addresses to unauthorized viewers over the past year, the world’s largest social networking company disclosed late Friday.

Facebook blamed the data leaks, which began in 2012, on a technical glitch in its massive archive of contact information collected from its 1.1 billion users worldwide. As a result of the glitch, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have.

Facebook admits year-long data breach

Facebook’s security team was alerted to the bug last week and fixed it within 24 hours. But Facebook did not publicly acknowledge the bug until Friday afternoon, when it published an “important message” on its blog explaining the issue.

A Facebook spokesman said the delay was due to company procedure stipulating that regulators and affected users be notified before making a public announcement.

“We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing,” Facebook said on its blog.

While the privacy breach was limited, “it’s still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again,” it added.

The breach follows recent disclosures that several consumer Internet companies turned over troves of user data to a large-scale electronic surveillance program run by U.S. intelligence.

The companies include Facebook, Google Inc, Microsoft Corp, Apple Inc and Yahoo Inc.

The companies, led by Facebook, successfully negotiated with the U.S. government last week to reveal the approximate number of user information requests that each company had received, including secret national security orders.

(Reporting by Gerry Shih; Editing by Richard Chang)

Facebook server outage makes everyone freak out

Stand down. Facebook appears to be back online after a few minutes of a server-wide outage. Everyone can stop losing their minds.

Facebook appeared to be down for many users in the past hour or so, with many taking to Twitter to complain that they could not access the site. When YourGadgetGuide tried to access Facebook from the UK 30 minutes ago, the servers did not appear to be responding, although in the last few minutes the site has come back online. Service monitoring site DownRightNow reported that many of its users had flagged Facebook as being offline, although it is unclear what caused the problem. Facebook later explained that the outage was due to work it was doing on the site’s DNS servers.

Facebook server down freaks out all

It said, “Earlier today we made a change to our DNS infrastructure and that change resulted in some people being temporarily unable to reach the site. We detected and resolved the issue quickly, and we are now back to 100 percent. We apologize for any inconvenience.” Earlier today, at around 5pm Eastern, Google was also suffering, with reports of Gmail being down in the US, the UK and Brazil. The email service returned after about an hour. “We’re investigating reports of an issue with Google Mail. We will provide more information shortly,” Google said on the Google Apps Dashboard.

Some dates when Facebook was actually down

On September 23, 2010, Facebook returned DNS failures when users tried to reach the site. This seemed to be the case for most visitors.

Other general comments from our users about Facebook

  • Facebook can be down or working at various times throughout the day due to server problems, over activity, site problems, bugs, etc.
  • However, it should be pointed out that the servers of Facebook are rarely down and they last about 2 minutes (at most) when they are. If the servers are down, they forward you to a page telling you to come back later; when they maintain the site, they do it account by account, so the homepage is always working.
  • A good Internet connection is necessary to load the page, so if you can’t access Facebook, check that there is nothing else using the Internet on your IP address. If it is always slow, contact your service provider.
  • Sometimes Facebook doesn’t load due to the amount of cookies on your computer. If you have Vista, click Tools, delete browsing history and then delete all.

Messages posted online, apparently linked to hacking group Anonymous, have claimed responsibility for attacking the site, but these have since been debunked. That didn’t stop people from speculating that the outage was orchestrated by Anonymous in response to Facebook’s involvement in the US National Security Administration data-mining scandal.

Anonymous group launches citizen journalism website

Anonymous, the controversial hacking collective, has a new venture – a website for crowdsourced news.

Notorious Internet hacking collective Anonymous has launched a citizen journalism site that aims to collect breaking reports and blogs.

Hacking collective Anonymous launches 'citizen journalism site'

The site, Your Anon News, will include feeds for livestream events “as they are taking place instead of the 10-second sound bites provided by the corporate media”.

The group has raised 54,798 dollars to get the site up and running, the BBC reports.

According to the report, the aim of the site is to bring together and expand its Your Anon News (YAN) service, which currently runs on Twitter, Facebook and Tumblr.

The money, collected on fundraising site Indiegogo in the account name “Jackal Anon”, will be used for development and hosting fees.

Over 1,000 people contributed to the fund and were rewarded with Anonymous memorabilia including mugs, t-shirts and hoodies, the report said. (ANI)