(USA TODAY) - Almost two million accounts on Facebook, Google, Twitter, Yahoo and other social media and Internet sites have been breached, according to a Chicago-based cybersecurity firm.
The hackers stole 1.58 million website login credentials and 320,000 e-mail account credentials, among other items, the firm Trustwave reported. Included in the breaches were thefts of 318,121 passwords from Facebook, 59,549 from Yahoo, 54,437 from Google, 21,708 from Twitter and 8,490 from LinkedIn. The list also includes 7,978 from ADP, the payroll service provider. According to a Trustwave blog, "Payroll services accounts could actually have direct financial repercussions."
The hacking began Oct. 21 and might still be taking place, according to CNN.
John Miller, a security research manager at Trustwave, told CNN, "We don't have evidence they logged into these accounts, but they probably did."
There are several other servers Trustwave has not yet tracked down, Miller told CNN.
ADP, Facebook, LinkedIn and Twitter told CNN they have notified users and reset passwords for compromised accounts. Google declined to comment and Yahoo did not respond immediately, CNN reported.
The majority of passwords were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the United States, which accounted for 859 reports from machines and 1,943 passwords, according to Trustwave. In all, just over 100 countries were affected, and Trustwave said this shows the attack is "fairly global."
In compiling the data, Trustwave also discovered that many users are doing just what computer specialists advise against - using simplistic passwords that can easily be guessed. For instance, the top five passwords Trustwave found in researching the breaches were: 123456, 123456789, 1234, password and 12345.
According to its website, Trustwave helps businesses fight computer crime, protect data and reduce security risks.
The breaches operated through software maliciously installed on computers around the world, CNN reports Trustwave said. The virus borne from the software has been sending the stolen information over to a server in the Netherlands controlled by the hackers, according to CNN.
Trustwave researchers on Nov. 24 detected the server and found compromised credentials for about 100,000 websites.