TrustWave SpiderLabs™ is reporting on stolen credentials for approximately two million compromised accounts. The tactic is similar to earlier breaches: harvesting passwords using keylogging software. The team believes the passwords were harvested by a large botnet dubbed Pony. Given that many users employ the same or similar passwords for many purposes, the security risks are apparent. TrustWave cautions: “If you don’t enforce a password policy, don’t expect your users to do it for you.”
Most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter and LinkedIn.
See link to the report: