A research team from Trustwave’s SpiderLabs has discovered 2 million stolen user passwords while investigating a server in the Netherlands for evidence of criminal activity, according to a recent article published on the Reuters web site. The article indicates that some of these passwords are directly associated with users of Facebook, Google, Twitter and Yahoo.
Trustwave’s SpiderLabs has reported that they discovered the credentials associated with more than 90,000 websites and Internet service providers on the server, according to the report. The article indicates that more than 326,000 Facebook Inc accounts, approximately 60,000 Google Inc accounts, and tens of thousands of Yahoo and Twitter accounts were from countries around the world including the United States.
The article confirmed that Facebook and Twitter have reset the passwords of their affected users but no information has yet been released by representatives of Google or Yahoo. An independent security expert, Graham Cluley, was quoted in the article to say, “People are using very dumb passwords. They are totally useless.” In the article Cluley notes that “it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.”