Two million log-ins stolen from Facebook, Google, ADP payroll processor The attackers are using the ‘Pony’ botnet command-and-control server software

08 Jul Two million log-ins stolen from Facebook, Google, ADP payroll processor The attackers are using the ‘Pony’ botnet command-and-control server software

Two million log-ins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed “Pony.”

Another company whose users’ log-in credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave’s SpiderLabs.

[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in InfoWorld’s “Fight Today’s Malware” Shop Talk video and Malware Deep Dive Report. | Learn how to secure your systems with InfoWorld’s Security Central newsletter. ]

It’s expected that cybercriminals will go after main online services, but “payroll services accounts could actually have direct financial repercussions,” he wrote.