Two million accounts compromised by 'Pony' botnet, bad passwords
![](https://s.yimg.com/ny/api/res/1.2/_CqNf.AMuuF4ISjzKsDGfw--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTYwMA--/https://o.aolcdn.com/hss/storage/adam/58146129e68573d5ffe55245eb6ae2f2/pasword-hack-botnet-2013-12-04-01.jpg)
Though most of us cast stones at large-scale corporate password thefts, we ought to be checking our own glass houses, according to a security company called Trustwave. It just revealed that a single attack from a Dutch-based server has resulted in 2 million passwords pilfered from individual users for sites like Facebook and Google. The ne'er-do-well did it using a botnet and hacker program called "Pony," which likely directed the stolen info through a gateway or so-called reverse proxy. Thieves also gained access to an unusually high number of accounts from a single payroll service, which could cause "direct financial repercussions," according to the site. Lest you imagine that complex hacks were involved, though, think again. A commonly used cracking method was "guessing," thanks to poorly chosen passwords like "123456" used by -- wait for it -- 15,820 of the victims.