Skip to main content
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

2M Stolen Passwords: How to Protect Yours

By Aditi Mukherji, JD | Last updated on

Researchers have uncovered a jaw-dropping (and deeply disturbing) database containing 2 million stolen login credentials -- both usernames and passwords -- associated with Facebook, Twitter, Google, Yahoo, LinkedIn, and other online services.

Even more troubling, many of the victims had the worst passwords ever, such as "123456" and "password." (Seriously, people?)

Here's what happened, why it happened, and how you can prevent it from happening to you:

'Pony' Botnet

A botnet called "Pony" collected sensitive information from users in as many as 102 countries, with folks in the Netherlands being targeted the most, reports CNET.

Though details are still emerging on how exactly it stole the 2 million passwords, security company Trustwave believes people's computers were attacked by hackers using malware to scrape information directly from their Web browsers.

Version 1.9 of the botnet is a keylogging type of malware that captures passwords and login credentials of infected users when they access applications and Internet sites.

Poor Password Habits Revealed

The investigation also uncovered users' incredibly atrocious password habits. According to CNET, "the most common passwords were '123456,' '123456789,' '1234,' and the word 'password.'" Sadly, that's not a joke.

Though many companies -- including Facebook, LinkedIn, and Twitter -- have reset affected users' passwords, consumers are cautioned to be proactive and create more secure passwords.

Tips for Stronger Passwords

To prevent your password from being cracked as easily as the "00000000" code to launch the United States' nuclear missiles, consider doing the following:

  • Create a unique password. A strong password is long and contains numbers, upper-and-lower case letters, and $pec!@l ch@r@cter$.
  • Use a password generator. If you're all tapped out of good password ideas, consider using a secure password generator.
  • Change your password often. As annoying as changing a password is, it's a necessary evil. This is because even a strong, unique password can be compromised. If possible, try to change your password every 90 days.

Remember, a password is only as secure as you make it. Sorry, but "12345" and "password" are simply not going to cut it.

Related Resources:

Was this helpful?

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard