Researchers have reportedly found a server storing more than 2 million pilfered passwords, most of them unlocking accounts on mega-popular websites such as Facebook, Yahoo, Google and Twitter.
About 318,121 user names and passwords for Facebook; 59,549 for Yahoo; 54,437 for Google; and 21,708 for Twitter were unearthed, says a blog post published Tuesday by researchers from security firm Trustwave's Spider Labs.
Spider Labs says it uncovered the bounty of potentially valuable log-ins during an Internet sweep for the Pony botnet controller, a malware-spreading set of programs the researchers say they're increasingly encountering online.
This means the passwords were leaked not by Facebook and the other websites but from thousands of infected computers that collected the data when users logged onto their accounts, NBC News reported.
Spider Labs said 97 percent of the total appeared to come from computers in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. U.S. accounts comprised 0.1 percent, with 1,943 compromised passwords.
In all, the data may have come from as many as 102 countries.
"As is often the case with mass password leaks, the discovery by Spider Labs underscores the poor security hygiene of many users," Ars Technica reported.
"The usual offenders were there," the website reported, including "123456," used in 15,820 instances; "123456789," used in 4,875 cases; "1234," in 3,135 instances; and "password," in 2,212 cases.
"Overall, Spider Labs rated 6 percent of the passwords 'terrible,' 28 percent 'bad,' 44 percent 'medium,' 17 percent 'good,' and just 5 percent 'excellent'," the website reported.
"Facebook takes people's information security extremely seriously and we work hard to protect it," a Facebook spokesperson told NBC News.
"While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their Web browsers."
Facebook's recommendation is to engage the site's two-factor authentication, which requires a passcode from your phone as well as your standard password.
Twitter, Yahoo, Google, and others have a similar option, NBC News noted.
© 2014 Newsmax. All rights reserved.