Hackers Stole Nearly 26 Million User Login Credentials for Sites Like Amazon, Google, Facebook

Hackers Stole Nearly 26 Million User Login Credentials for Sites Like Amazon, Google, Facebook
A hacker uses his computer in Dongguan, China, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images
Tom Ozimek
Updated:
Hackers using custom malware stole nearly 26 million login credentials—emails or usernames and associated passwords—from almost a million websites over a two-year period, including Amazon, Facebook, and Twitter, according to cybersecurity provider NordLocker.

The Trojan-type of malware infiltrated more than 3 million Windows-based computers between 2018 and 2020, with the cyber intruders making off with around 1.2 terabytes of personal information, according to a case study carried out by NordLocker in partnership with a third-party firm that specializes in data breach analysis.

The 26 million stolen login credentials were across 12 different website types, including social media, online gaming, and email services. They included such household names as Google (1.54 million), Facebook (1.47 million), Amazon (210,000), Apple (130,000), Netflix (170,000), and PayPal (150,000).

An illustration file photograph shows the logos of Google, Apple, Facebook, Amazon, and Microsoft displayed on a mobile phone and a laptop screen. (Justin Tallis/AFP via Getty Images)
An illustration file photograph shows the logos of Google, Apple, Facebook, Amazon, and Microsoft displayed on a mobile phone and a laptop screen. Justin Tallis/AFP via Getty Images

In addition to login credentials, the stolen data includes 1.1 million unique email addresses, over 2 billion cookies, and 6.6 million files that users were storing on their desktops and in their downloads folders.

The stolen cookies, which can in some cases give access to a victim’s online accounts, were sorted into five groups: online marketplace, online gaming, file sharing site, social media, and video streaming services.

The billions of stolen cookies were associated with such sites as YouTube (17.1 million), Facebook (8.1 million), Twitter (5.2 million), Amazon (3.5 million), MediaFire (3.2 million), and eBay (2 million).

The malware mainly targeted web browsers to steal the data, with the top three software sources for stolen email/usernames plus passwords being Google Chrome (19.4 million), Mozilla Firefox (3.3 million), and Opera (2 million).

Besides stealing files, the malware also took screenshots of infected computers and photos using its webcam.

The malware was transmitted by email and pirated software, including illegal versions of Adobe Photoshop 2018 and a number of cracked games.

The report comes amid warnings from administration officials that cyberattacks of various types are on the rise.

U.S. Secretary of Commerce Gina Raimondo said last week that the number of cyber intrusions will only increase in the future, and urged businesses to shore up their cybersecurity systems.

“We should assume and businesses should assume that these attacks are here to stay and if anything will intensify,” Raimondo said in an interview with ABC.

Her remarks followed a June 3 letter from Anne Neuberger, a cybersecurity adviser at the National Security Council, who warned business leaders about the growing risk of ransomware attacks and urged them to beef up security measures.

“The threats are serious and they are increasing,” Neuberger said in the letter obtained by media outlets.

The officials’ warnings come after a number of recent high-profile cyberattacks, including one targeting Colonial Pipeline last month, leading to a disruptive shutdown and gasoline shortages, and another targeting JBS, America’s biggest beef producer.

Tom Ozimek
Tom Ozimek
Reporter
Tom Ozimek is a senior reporter for The Epoch Times. He has a broad background in journalism, deposit insurance, marketing and communications, and adult education.
twitter
Related Topics