Hackers Use ‘Pony’ to Ride Away With Login Info for Facebook, Google, and Others
Security researchers from Chicago-based firm Trustwave have discovered that hackers using malicious software called “Pony” have scooped up the usernames and passwords of about 2 million accounts on the most popular sites on the Internet including Facebook (NASDAQ:FB) and Google (NASDAQ:GOOG), according to a report from the Washington Post.
Speaking to the Post, Trustwave’s John Miller said that Pony is a fairly common piece of malware that monitors users’ browsers and collects their log-in information. Hackers frequently sell the software in hacking communities, and Pony is capable of collecting up to hundreds of thousands of passwords per day.
Miller said this particular attack has been going on for about a year and warned that the Pony malware is probably collecting much more information than the researchers discovered.
Trustwave said that the most common hacked accounts were from Facebook, Google, Yahoo (NASDAQ:YHOO), Twitter (NYSE:TWTR), and LinkedIn (NYSE:LNKD). The attack has also affected one of the biggest payroll companies, Automatic Data Processing (NASDAQ:ADP), which, according to the Post, runs the payroll systems of more than 620,000 companies. ADP is an appealing target for hackers because it uses banking information to administer direct deposit of paychecks.