Cyber security firm Trustwave announced on Tuesday that nearly 2 million online accounts have been hacked, compromising the privacy of users of Facebook, Yahoo, Google, Twitter, and payroll service company ADP in nearly 100 countries. According to Trustwave, the violation was likely achieved using keylogging malware, began on October 21, and is possibly ongoing. CNN reports that Trustwave has alerted affected users of the security breach.
Trustwave says that roughly 1.58 million website logins, 320,000 email accounts, and several other credentials were stolen. According to CNN, the breach affected 318,000 Facebook; 70,000 Gmail, Google+, and YouTube; and 22,000 Twitter accounts, among others. A security research manager at Trustwave told USA Today that though the company cannot prove the information was used, hackers probably did log in to compromised accounts. The most severe repercussions could be for the 8,000 affected ADP users, whose financial information is linked to the service.
Compromised users are mostly concentrated in the Netherlands, followed by Thailand, Germany, Singapore, the United States and others.
A spokesperson for Trustwave said that the companies should not be blamed for the security failure, explaining to Mashable that "Individual users had the malware installed on their machines and had their passwords stolen. Pony [botnet controller] steals passwords that are stored on the infected users' computers as well as by capturing them when they are used to log into web services."
The users, however, may be slightly more culpable.