More than 2 million accounts have been compromised from popular sites such as Google, Yahoo, Twitter, Facebook and LinkedIn, etc.
Trustwave notified these companies of the breach. They posted their findings publicly on Tuesday.
Security experts told BBC that a criminal gang may be behind the security breach. The stolen information can be used to extract people’s personal information from the websites, which can then be sold, according to BBC.
Facebook accounted for about 57% of the compromised accounts, followed by Yahoo (10%), Google (9%) and Twitter (3%).
Among the compromised data are 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network used when transferring big files) and 6,000 remote log-ins.
Victims were from the U.S., Germany, Singapore and Thailand, among other countries, with the Netherlands at the top of the list.
The most popular password that was stolen is “123456,” followed by “123456789,” “admin,” “1234” and “password.”
