December 10, 2013
Pony Malware: Revisiting Password Security
It seems more and more often we’re hearing a story about hackers and stolen passwords. Hopefully, each incident reminds us of the importance of cyber security. The latest event has hackers using the “Pony” malware to steal valuable personal information from thousands of sites.
Story of the Security Breach
According to CNN Money, hackers stole usernames and passwords for nearly two million sites including Facebook, Google, Twitter and others. The report stated:
“The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cyber security firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
“On November 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites.
“Trustwave notified [the affected] companies of the breach. They posted their findings publicly on [December 4].”
As of right now, there is no evidence that the hackers have accessed the accounts, but John Miller, a security research manager at Trustwave admits that it’s a likely possibility. Miller added that it’s also unknown how the keylogging software got onto so many personal computers as the hackers relaying the information to a server made it impossible to track. It’s possible that the breach is still ongoing despite being discovered; Trustwave is still trying to track down several other similar servers.
The Demand for Better Protection of Personal Information
When online security is breached and private information stolen, we are reminded that companies need to invest more in protecting the customer’s information.
The onus is on the companies to improve, either by finding more secure options or by requiring more authentication. It comes at a minor inconvenience for the consumer, but it’s nothing compared to the inconvenience caused by having that information stolen.
Our partner Alarm.com requires multiple levels of verification to ensure that the user trying to access an account is properly identified. In addition, there are multiple security measures in place to protect the loss, misuse and alteration of your information, should the worst happen.
Computer Security: User Caution
Blame for the breach does not fall squarely on businesses. While it’s necessary for businesses to strengthen their online security, users also have a responsibility.
Pony malware is commonly installed on a computer through users clicking on infected links. This causes an automatic installation and puts any private/personal information at risk.
It shouldn’t come as a huge surprise that this occurred during the busiest online shopping season. In fact, it’s possible we might be hearing similar stories in the upcoming weeks, as we’re prone to believe those “too good to be true” deals that pop up.
This serves as a reminder to always be cautious while on the internet.
Social Media Security
The same caution needs to be practiced on social media. It’s becoming increasingly common to see tweets or comments that contain malicious links. They can even appear to be messages from your friends! If you’re unsure if a link is real, ask the sender to verify. It’s an easy step to take to ensure you’re information is safe.
For more tips, check our recent post on the topic from Cyber Monday.
The Pony malware is another breach in cyber security that serves as a notice for both company and consumer. Businesses need to improve security measures to protect a customer’s personal information, -- especially when businesses collect more personal information than ever.
You have to protect yourself. Exercise caution with how much information you share and with who you’re sharing it with. Follow online safety tips that can be found around the web and keep an eye out on this blog because we’ll have our own set tips for you soon!
If you have tips of your own or rules that you follow regarding sharing information on the internet, we’d love to hear them, leave them in the comments below!