Massive hack steals 2m passwords from website accounts in US

A security hack characterized as massive has resulted in 2 million Facebook, Gmail and Twitter passwords being stolen, a U.S. information security firm says. Keylogging software maliciously installed on a large number of computers around the world has been capturing log-in credentials for key websites during the past month and sending usernames and passwords to a server controlled by the hackers, a report released Tuesday by digital security company Trustwave said. The server, tracked to the Netherlands, help compromised account credentials from more than 93,000 websites, CNN reported. "We don't have evidence [the hackers] logged into these accounts, but they probably did," John Miller, a security research manager at Trustwave, said, adding his company notified the companies affected by the breaches. "Facebook takes people's information security extremely seriously and we work hard to protect it," a Facebook representative said in a statement. "While details of this case are not yet clear, it appears that people's computers may have been attacked by hackers using malware to scrape information directly from their Web browsers." The keylogging software was set up by the hackers to rout information through a proxy server, so it's impossible to track down which computers are infected, Miller said. He recommended users update their antivirus software and download the latest patches for Internet browsers, Adobe and Java.