2 million Facebook, Gmail and Twitter passwords stolen in massive hack

[rbeau30]

http://money.cnn.com/2013/12/04/tech...html?hpt=hp_t2


318,000 Facebook (FB, Fortune 500) accounts
70,000 Gmail, Google+ and YouTube accounts
60,000 Yahoo (YHOO, Fortune 500) accounts
22,000 Twitter (TWTR) accounts
9,000 Odnoklassniki accounts (a Russian social network)
8,000 ADP (ADP, Fortune 500) accounts (ADP says it counted 2,400)
8,000 LinkedIn (LNKD)accounts

[hatidua]

alas, it was bound to happen eventually, hackers have done it to everyone else

[rbeau30]

alas, it was bound to happen eventually, hackers have done it to everyone else

Yup, information is NEVER safe. The thing with Locks, passwords, and anything designed to keep things secret, there will ALWAYS be a way to defeat the mechanism. I'm so sad cloud computing and storage is becoming so prevalent. Just a matter of time before your stuff is in the hands of people planning to do bad things with it.

[clodhopper]

Since I am not a techie type, maybe you guys can help. Are the numbers of accounts listed simply estimated or do they know which ones were hit? If they know which accounts were affected, is it common to notify those accounts to change passwords? Otherwise, if it is just an estimate and know one knows what the hackers got, then everyone should change passwords anyway, right?

[merl]

Since I am not a techie type, maybe you guys can help. Are the numbers of accounts listed simply estimated or do they know which ones were hit? If they know which accounts were affected, is it common to notify those accounts to change passwords? Otherwise, if it is just an estimate and know one knows what the hackers got, then everyone should change passwords anyway, right?

This was not a "hack" per say where they get inside FB or inside Google and take their user lists. This was a keylogger installed as a virus. Passwords were taken off each machine as they were typed in.

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

As such there will be no notification because nobody knows exactly what accounts were taken except those that have them.

Generally in the event of a major breach everyone is forced to create a new password.

[Jer]

This was not a "hack" per say where they get inside FB or inside Google and take their user lists. This was a keylogger installed as a virus. Passwords were taken off each machine as they were typed in.

Don't you know that EVERYTHING involving technology these days is considered a 'hack'? lol

Generally in the event of a major breach everyone is forced to create a new password.

When in doubt, create new passwords.