Security experts have discovered two million stolen passwords to websites such as Facebook, Google and Twitter in a Dutch server used by cybercriminals.
Reuters reports the passwords were discovered from researchers with Trustwave’s SpiderLabs while they were investigating the “Pony botnet”, a server in the Netherlands which controlled a network of compromised computers.
The passwords were for more than 90,000 websites and internet service providers (ISPs), including more than 326,000 Facebook accounts, 60,000 Google accounts, more than 59,000 Yahoo! accounts and almost 22,000 Twitter accounts, with the company saying it had reported its findings to the largest firms.
Facebook and Twitter said they had reset the affected passwords, while SpiderLabs said it had contacted Dutch authorities to ask them to take down the server.
The company criticised the passwords used, with an analysis on its blog saying the most common password was “123456”, while other common ones included “password”, “admin”, “123” and “1”.
