Internet security firm Trustwave revealed a 2 million password heist in a blog series called “Look What I Found.” The passwords were swiped from social media sites, email accounts, and even a pay service using the malicious Pony Botnet Controller. Stolen passwords from social media can be annoying but from a pay service can have financial repercussions. Trustwave came across the 2 million passwords in an online post. They notified Facebook and other sites and services before posting their blog. And they recommend protecting yourself like by activating Login Approvals and Login Notifications in your Facebook settings.