Security player Trustwave has revealed that Facebook, Gmail, Twitter, Yahoo! and LinkedIn have had to reset more than 2m passwords after hackers installed keylogging software on computers in 92 countries.
The hackers recorded user logins and passwords as they were being typed.
While the companies themselves have not been breached, Facebook, ADP, LinkedIn and Twitter have reset passwords and have alerted compromised users.
The massive hack affected 318,0000 Facebook accounts, 70,000 Gmail, Google+ and YouTube accounts, 60,000 Yahoo! accounts, 22,000 Twitter accounts, 9,000 accounts belonging to Russian social network Odnoklassniki, 8,000 ADP accounts and 8,000 LinkedIn accounts.
According to an earlier report from SpiderLabs, Trustwave’s advanced security team, the attack also compromised credentials used to connect to FTP servers.
The hacking campaign secretly began collecting passwords on 24 October. Trustwave has warned that the attack is continuing from several servers it hasn’t yet managed to track down yet.
IT security image via Shutterstock