Hackers stole nearly 26 million user login credentials and passwords from sites including Facebook, Google, Amazon, Netflix, and others
Another day, another hacking news. Cyberattacks are becoming a major issue for businesses and the trend is not our friend. Just last month, Colonial Pipeline surrendered to the Darkside hacker group after it paid nearly $5 million in ransom via an untraceable cryptocurrency before law enforcement agencies later recovered about 75% of the payment.
Today, cybersecurity provider NordLocker reported that another group of hackers successfully used a custom Trojan-type malware to steal nearly 26 million login credentials – emails or usernames and associated passwords – from almost a million websites over a two-year period, including from such namesakes as Amazon, Facebook, and Twitter.
According to the report, the custom Trojan-type malware infiltrated over 3 million Windows-based computers and stole 1.2 terabytes (TB) of personal information between 2018 and 2020, with the cyber intruders making off with around 1.2 terabytes of personal information, according to a case study carried out by NordLocker in partnership with a third-party firm specializing in data breach analysis.
After analyzing data collected from 3.25 million computers, the company found that 26 million stolen login credentials were across twelve different website types, including social media, online gaming, and email services. They included such household names as Google (1.54 million), Facebook (1.47 million), Amazon (0.21 million), Apple (0.13 million), Netflix (0.17 million), and PayPal (0.15 million).
The trojan-type malware was transmitted via email and illegal software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games. The malware stole nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies, and 6.6 million files.
The so-called “Nameless,” or custom, trojans such as this are widely available online for as little as $100. Their low profile often helps these viruses stay undetected and their creators unpunished. The virus later assigned unique device IDs to the stolen data, so it can be sorted by the source device.