Hackers using a custom Trojan-type malware stole nearly 26 million login credentials – emails or usernames and associated passwords – from almost a million websites over a two year period, including from such namesakes as Amazon, Facebook, and Twitter, according to cybersecurity provider NordLocker.
The malware infiltrated over 3 million Windows-based computers between 2018 and 2020, with the cyber intruders making off with around 1.2 terabytes of personal information, according to a case study carried out by NordLocker in partnership with a third-party firm specializing in data breach analysis.
The 26 million stolen login credentials were across twelve different website types, including social media, online gaming, and email services. They included such household names as Google (1.54 million), Facebook (1.47 million), Amazon (0.21 million), Apple (0.13 million), Netflix (0.17 million), and PayPal (0.15 million).