Two million stolen passwords: How to protect yourself


This week Trustwave security researchers uncovered a criminally controlled web server that contains nearly two million stolen account usernames and passwords for many popular sites, including Facebook, Twitter, LinkedIn, Google and Yahoo. Over the past few days, news outlets worldwide have reported on the discovery, and many people, including our customers, have questions about the malware, its impact and how they can protect themselves.

What we know

Users most likely had their credentials stolen when they errantly clicked on a malicious link or attachment, or unknowingly visited a malicious website that installed data-stealing malware, known as "Pony", onto their computers. This malware then delivered their usernames and passwords to a botnet server. Pony malware has two methods of stealing credentials. First, it scans through the passwords stored in a user's browsers, email clients and other software. Second, it monitors web traffic to identify when a user is logging into a website and then attempts to steal the password as it is entered.

Malware mitigation tips

Below is some general advice about protecting yourself against this and future attacks, which likely will take on similar characteristics.

Don't click on suspicious links or open suspicious attachments: One of the ways the Pony malware spreads is through email. If you weren't expecting an email that contains a link or an attachment, don't click on or open it. Social engineering scams often look like the real thing, so it's a good idea to also have in place an email security solution that analyzes inbound content and filters out links and attachments that lead to malware.

Keep your computer patched and up to date: The Pony malware also can infect users' machines if they simply visit a booby-trapped website. Typically, these "drive-by download" installations take advantage of a browser plug-in that is out of date. Make sure all of your software is updated to the latest version, and consider a web security solution that can evaluate the intent of web pages and help strip out malware.

Run anti-virus: The Pony malware also can hit users that are tricked into installing a bogus product update. Avoid falling for these ruses, and ensure you are running updated anti-virus and intrusion prevention defenses.

Train your staff: Give your employees the know-how to protect your data and network from malware. Security Awareness Training helps reduce the chances that your business will become a victim of data-stealing malware.

Choose a complex and unique password: Having a strong and unique password wouldn't have protected you against this malware, but the server we came across showed that far too many people use easy-to-guess passwords and likely share them across different accounts. The most common password we discovered was "123456." Passwords of at least eight characters that mix letters and numbers are less predictable and far more difficult to crack than shorter ones. Users should also use "passphrases" to make them easier to remember, such as "myD0g1sL0ud". Also, make sure you use different passwords for all of your online accounts.
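The two findings above (a dominant weak password and the same password reused across sites) are the kind of thing a defender can measure in their own credential data. The following is an added example, not Trustwave's code: it applies the page's minimum criteria (eight characters, letters plus digits) to a constructed dump in (site, username, password) form and reports the most common password, how many entries fall below the minimum, and which users reuse one password on several sites.

```python
import re
from collections import Counter, defaultdict

# Constructed sample shaped like a credential dump: (site, username, password).
# These are made-up records for illustration, not data from the real server.
SAMPLE_DUMP = [
    ("facebook.com", "alice", "123456"),
    ("twitter.com", "alice", "123456"),
    ("linkedin.com", "alice", "123456"),
    ("google.com", "bob", "password"),
    ("yahoo.com", "bob", "myD0g1sL0ud"),
    ("facebook.com", "carol", "123456"),
    ("twitter.com", "carol", "Tr0ub4dor"),
    ("linkedin.com", "dave", "abc"),
]


def meets_minimum(password: str) -> bool:
    """Page's minimum bar: at least eight characters, with both letters and digits."""
    return (len(password) >= 8
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"[0-9]", password) is not None)


def analyze_dump(records):
    """Summarize password hygiene across a list of (site, user, password) records."""
    pw_counts = Counter(pw for _, _, pw in records)

    # user -> password -> set of sites where that exact password appears
    by_user = defaultdict(lambda: defaultdict(set))
    for site, user, pw in records:
        by_user[user][pw].add(site)

    # Keep only passwords a user has on more than one site (cross-account reuse).
    reused = {}
    for user, pws in by_user.items():
        shared = {pw: sorted(sites) for pw, sites in pws.items() if len(sites) > 1}
        if shared:
            reused[user] = shared

    below_minimum = sum(1 for _, _, pw in records if not meets_minimum(pw))

    return {
        "total": len(records),
        "most_common": pw_counts.most_common(1)[0],  # (password, count)
        "below_minimum": below_minimum,
        "reused_by_user": reused,
    }
```

On the sample above, "123456" is the most common password and only alice reuses a single password across three sites; the reuse report is what tells you which accounts to rotate first.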

Help from Trustwave

Trustwave offers a variety of technologies and services that helped automatically protect our customers from this and other forms of malware. They include Trustwave Secure Web Gateway, Trustwave Secure Email Gateway (MailMarshal) and Trustwave Managed Email Security (MailMax).

For more technical information about this recent threat, visit the Trustwave SpiderLabs Blog at: The blog also will feature updates as they become available.

Dan Kaplan is the manager of online content at Trustwave.
