Ride the Pony, Mony, Mony

TrustWave SpiderLabs™ is reporting on stolen credentials for approximately two million compromised accounts. The tactic is similar to earlier breaches: harvesting passwords using keylogging software. The team believes the passwords were harvested by a large botnet dubbed Pony. Given that many users employ the same or similar passwords for many purposes, the security risks are apparent. TrustWave cautions “If you don’t enforce a password policy, don’t expect your users to do it for you.”

Most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, and LinkedIn.

See link to the report:


