According to internet security firm Trustwave, roughly two million credentials to log into some of the world's most popular websites and email services have been stolen in a sophisticated scheme.
According to the company, the source was a Netherlands-based server that was infecting other computers, turning them into "zombies" to collect more log-in information and relay the information back to the Pony botnet, which has been tied to malicious cyberactivity in the past.
Users in 92 countries are believed to be affected.
"As one might expect, most of the compromised web log-ins belong to popular websites and services such as Facebook, Google, Yahoo, Twitter, LinkedIn, etc.," Trustwave said on its website.
The company says hackers stole at least:- 318,000 Facebook accounts
- 70,000 Gmail accounts
- Almost 60,000 Yahoo accounts
- 21,000 Twitter passwords
- 8,500 LinkedIn accounts
- 41,000 FTP account credentials
In total, some 1,580,000 website login credentials were stolen, in addition to 320,000 email account credentials.
Two Russian websites were high on the list, a sign that the country could be tied to the attack. And Trustwave noted the presence of job staffing firm ADP.com in the mix.
ADP issues a closely watched index of U.S. jobs that often moves markets.
"Facebook accounts are a nice catch for cyber-criminals, but payroll services accounts could actually have direct financial repercussions," Trustwave noted.