Using a botnet dubbed 'Pony,' hackers have stolen usernames and passwords for around 2 million accounts on many popular sites like Google, Facebook and Twitter, Chicago-based cybersecurity firm Trustwave revealed.

Trustwave said the hackers tempted web users to download the malicious software through a website or e-mail, which then monitored users' browsers and collected their log-in credentials. The hackers stole nearly 1.58 million website login credentials and as many as 320,000 e-mail account login credentials, among other things.

More precisely, the hackers stole 318,121 usernames and passwords from Facebook, 54,437 from Google, 8,490 from LinkedIn, 59,549 from Yahoo, 21,708 from Twitter, and 7,978 from payroll service provider ADP.

The majority of passwords stolen during the attack were from the Netherlands, followed by Thailand, Germany, Singapore, Indonesia and the U. S. The cyber attack was fairly global as more than 100 countries were affected.

The hacking attack, which may still be taking place, was reportedly launched in October 21 this year.

While Facebook, LinkedIn, Twitter and ADP have confirmed that they have already notified their users about the hack and suggested them to reset their passwords; Google and Yahoo haven't made any such confirmation yet.