Hackers published two million passwords online, security experts have said (Picture: Alphaspirit/Getty)

Two million passwords for social media and email accounts have been released online by hackers, IT security experts have discovered.

The passwords for the compromised accounts are believed to have been collected by a botnet which uses infectious software to take note of the keystrokes of its targets.

Thousands of Facebook, Google, Yahoo, Twitter and LinkedIn accounts were hacked with details published online by what are believed to be cyber criminals.

Of the passwords there were 318,000 Facebook, 70,000 Google (including Gmail, Google+ and YouTube), and 60,000 Yahoo accounts – though their age is unknown.


‘We don’t know how many of these details still work,’ security researcher Graham Cluley told the BBC.

318,000 Facebook passwords were released as part of the sweep (Picture: Nicholas Kamm/AFP/Getty)

‘But we know that 30-40 per cent of people use the same passwords on different websites. That’s certainly something people shouldn’t do.’



It was the ‘investigators and researchers’ at SpiderLabs who uncovered the database of passwords and detailed how the attack was a global effort.

The group also looked at how people create passwords using the data published and found that the most frequent passwords are still rather obvious.

‘123456’ was the most widely used, while ‘password’, ‘123,’ and ‘111111’ were also among the top entries.

The information gathered can be used by criminals or sold on, particularly as one of the sites hacked was adp.com, a payroll website dealing with the salaries of thousands of people worldwide.

ADP, Twitter, Facebook and LinkedIn told CNN Money that they have notified affected users and reset their passwords.

MORE: 9 stupid ways to choose your Twitter, Facebook and Gmail passwords