The Newsy video account of Dec. 5, 2013 (with Mikah Sargent) may have bad news about your online credentials. The Pony online controller may have been "compromised" and turned into a botnet. That botnet happened to be malicious and may have "scraped" your online password/s. This column's twitter account reported the breach Dec. 4, 2013. Threatpost also reported on the theft of some "2 million passwords" using the controller botnet. Newsy and Mikah do make mention also that the original "cop" was reported by Trustwave Spiderlabs security. An apology for the unfortunate use of “clueless password” is made and an explanation is coming.
The report of a major hack of passwords is only the latest in a string of such hacks. The Pony botnet hackers may have originated somewhere in Russia (Threatpost). The hacks may have been performed from a proxy server in The Netherlands (proxies have happened there in recent history). It was then easy pickings for the hoods to swipe several million passwords and other identifying online information. And your own password may have helped them. Clueless passwords like "123456" or "111111" are still in use on several major websites. Those types of passwords make it easy to guess them and take them once the Pony botnet (or other hack controller) has accessed the targeted sites.
Thinking out what your best password choice might be is important for defending your online presence. According to this latest attack online entities like Google, LinkedIn, Yahoo, Facebook and Twitter may have been hacked to some extent. The Trustwave Spiderlab post may give you some good suggestions. Also, most websites will inform you if your password is "strong" or "weak" when choosing one. It would be unfortunate to choose the "weak" password.
But how do you know if your online account has been "pwned"? Troy Hunt explains on his website Dec. 5 and Dec. 4, 2013 his creation of the pwn engine "Have I been pwned?". Two personal e-mail addresses were used to check for botnet hacks - and came back "safe". Is the pwn engine itself safe to use? A review of its elements were compared with a "malicious site" - an amateurish response is that the pwn engine "appears to be safe". Can you access your online accounts - have they been compromised by the Pony botnet? If or if not please check to see that you have not used a weak password.