A malicious piece of software stole thousands of passwords from users affiliated with the Roseland-based business outsourcing firm ADP, according to computer security firm Trustwave.
The software, directed by a program known as Pony Botnet Controller, infects computers and tells them to engage in concerted malicious activity. The resulting "botnet" is far more powerful than any single computer, and hackers use it to log keystrokes and other activity as unwitting victims use their computers.
Trustwave reported Tuesday nearly 8,000 ADP passwords were among roughly 2 million login credentials stolen from several companies, including Facebook and Yahoo.
ADP, however, disputed the original Trustwave number. The company clarified to NJBIZ Thursday its internal analysis indicates about 2,400 user credentials were compromised in this incident.
The company said, to its knowledge, none of its clients has been adversely affected, but "out of an abundance of caution, ADP is requiring a password reset for all affected clients."
ADP is the only business institution in the top 10 affected companies, with Facebook, Yahoo, Google, Twitter, LinkedIn and several Russian social networking domains rounding out that group.
ADP has approximately 620,000 clients in more than 125 countries, according to its website.
This story has been updated to incorporate clarification from ADP.