NeoGAF

cartoon_soldier · (Yesterday, 10:46 PM)

http://www.bbc.co.uk/news/technology-25213846

More than two million stolen passwords used for sites such as Facebook, Google and Yahoo and other web services have been posted online.

The details had probably been uploaded by a criminal gang, security experts said.

It is suspected the data was taken from computers infected with malicious software that logged key presses.

In a blog post outlining its findings, the team said it believed the passwords had been harvested by a large botnet - dubbed Pony - that had scooped up information from thousands of infected computers worldwide.

Original blog post:
http://blog.spiderlabs.com/2013/12/l...medium=twitter

Speedy Blue Dude · (Yesterday, 10:48 PM)

Do they know the users who use said passwords? If so, damn users better change their stuff fast. If not, have fun wasting your time using the same passwords until it finally works for someone.

Cosmo Clock 21 · (Yesterday, 10:48 PM)

God damn bronies.

Bay Maximus · (Yesterday, 10:49 PM)

Any word on GAF passwords?

SRG01 · (Yesterday, 10:49 PM)

SMH at 123456. Seriously?

kick51 · 10:52 PM

2 factor authentication mo'fuckaaaaaa

edit: oh sweet I'm in the "excellent" bracket, the hackers like me.

stuminus3 · (Yesterday, 10:49 PM)

Incoming flurry of imbeciles on my Facebook freaking out because they've been 'hacked'.

samus i am · (Yesterday, 10:50 PM)

Ugh, I don't want to have to change my password.

Espresso · (Yesterday, 10:51 PM)

Mac for life.

Guy.brush · (Yesterday, 10:52 PM)

Is the US nuclear launch password on it too?
That would be 00000000

jersoc · (Yesterday, 10:53 PM)

if you haven't already, now would be a good time for 2 step on your google account.

Origami Superman · (Yesterday, 10:53 PM)

I hate having to look at my own Facebook feed most of the time, why would I want to see any other saps.

Protein · (Yesterday, 10:54 PM)

I'm sure the NSA will bring these people to justice.

NotTheGuyYouKill · (Yesterday, 10:54 PM)

How do we know if we're at risk?

UraMallas · (Yesterday, 10:54 PM)

Originally Posted by SRG01

SMH at 123456. Seriously?

That's amazing - that's the same combination I have on my luggage.

shagg_187 · 11:00 PM

hunter2. Damnit. I've been duped!

People who post 12345678 as password usually don't give a fuck if its stolen. I had that for my Yahoo account until I had to use it for GAF NHL League, and I changed it... except when they give a fuck and its stolen, then its sad.

Hellsing321 · (Yesterday, 10:57 PM)

Over 1000 people just had 1 as their password...

Agent AA1 · (Yesterday, 10:57 PM)

Originally Posted by SRG01

SMH at 123456. Seriously?

Dang!!! I have to change my password now.

Seriously though, thats sad.

Into · (Yesterday, 10:58 PM)

123456 is at least slightly better than your password being..."password"

Why do you use that?

"its easy to remember, it says my password right there."

Yes, a real human being i know literally said that. Not it was not a toddler, yes it was a grown up man.

ComputerMKII · 11:04 PM

Originally Posted by kick51

2 factor authentication mo'fuckaaaaaa

edit: oh sweet I'm in the "excellent" bracket, the hackers like me.

Thanks for reminding me to activate that feature.

bodyboarder · (Yesterday, 11:00 PM)

Originally Posted by samus i am

Ugh, I don't want to have to change my password.

You used password didn't you.

Danielsan · (Yesterday, 11:02 PM)

Two step verification for life. Sure sometimes it's a hassle, but whenever some doofus tries anything funny I get a text.

Starviper · (Yesterday, 11:02 PM)

Trustwave Spiderlabs is pretty awesome stuff. I work for a company related in some way to them, they release some pretty interesting blogs and informational posts. :)

Kajigger · (Yesterday, 11:03 PM)

If your password is 123456, 000000, 111111 or any other thing like that you deserve to have someone steal it.

Stat Flow · (Yesterday, 11:03 PM)

2 Step Authentication on Gmail + Backup Phone in addition to mobile phone + Printed Backup Codes = Fuck yeah.

adj_noun · (Yesterday, 11:03 PM)

Originally Posted by bodyboarder

You used password didn't you.

HA! I never use password! :D

Password123 for life!

Vyer · (Yesterday, 11:06 PM)

Originally Posted by SRG01

SMH at 123456. Seriously?

I've got the same combination on my luggage.

Emwitus · (Yesterday, 11:07 PM)

Originally Posted by Vyer

I've got the same combination on my luggage.

That's what she said

Vyer · (Yesterday, 11:09 PM)

Originally Posted by Emwitus

That's what she said

Don't call me Shirley.

freenudemacusers · (Yesterday, 11:10 PM)

jokes on them, I use 654321 for everything.

flippedb · (Yesterday, 11:18 PM)

I'll change my GAF password to "anal pleasure with pink dildo"

Vyroxis · (Yesterday, 11:23 PM)

Where are these lists posted? I wanna see if any of my friends are on the list so I can laugh at them.

Mariolee · (Yesterday, 11:25 PM)

I'm so done.

samus i am · (Yesterday, 11:26 PM)

Originally Posted by bodyboarder

You used password didn't you.

Changed it to 123456. The coast is clear.

slit · 12:53 AM

Yep, I heard about this. I work in cyber security so I'll be hearing about it for awhile.

Earthstrike · (Yesterday, 11:29 PM)

Anyone know where the list actually is, or at least a list of compromised users? I highly doubt I'm on it, but I always want to check these kinds of things.

la flama blanca · (Yesterday, 11:29 PM)

Mostly from the Netherlands though if I read correctly.

Originally Posted by Earthstrike

Anyone know where the list actually is, or at least a list of compromised users? I highly doubt I'm on it, but I always want to check these kinds of things.

Yes I would like an awesome brute force list as well...lol

SamVimes · (Yesterday, 11:29 PM)

Balphon · (Yesterday, 11:30 PM)

Someone really had it out for the Netherlands.

CornBurrito · (Yesterday, 11:34 PM)

So I guess it is time to change my passwords :[

Tenacious-V · (Yesterday, 11:38 PM)

Originally Posted by la flama blanca

Mostly from the Netherlands though if I read correctly.

Netherlands was a hub, maybe like a vpn server or something, to hide their tracks. The link says that the majority of the ones from the Netherlands came from the same IP address.

Choppasmith · 11:43 PM

Originally Posted by Cosmo Clock 21

God damn bronies.

???

Edit: Ah, I see where you're coming from now.

besada · (Yesterday, 11:41 PM)

Originally Posted by flippedb

I'll change my GAF password to "anal pleasure with pink dildo"

It's already being used.

Or so I hear.

SixFourMike · (Yesterday, 11:41 PM)

I just turned on 2 step verification on GMail, but I had a thought.

What if you say, only had a laptop as a verified computer, and someone stole your phone and laptop? From another computer, could you still log into your Google account to both access your GMail and remotely lock/wipe your phone?

undu · (Yesterday, 11:43 PM)

Apparently these passwords are collected using a trojan. So you should double-check with your anti-virus to see if you're infected and reset ALL your passwords before it's too late and somebody else changes them all.

Stumpokapow · (Yesterday, 11:45 PM)

14+ character four character types passwords = top one hundredth of one percent of passwords.

jett · (Yesterday, 11:50 PM)

Two-step verification bitches. Feeling safe.

strafer · (Yesterday, 11:52 PM)

fucking hell, I just changed passwords last week.

MilesWebber · (Yesterday, 11:55 PM)

the fuck is a chocolate teapot? I want one.

jsnepo · (Today, 12:01 AM)

So keylogger huh? I don't really login to accounts outside of my house so I doubt I'm compromised. My passwords are different per account and are alpha-numeric.