Zbot FTP credential dump taken down - over 68K accounts compromised

Aside from there being very few (if any) good reasons to still use FTP or any other protocol that relies on cleartext authentication, password practices are important for making sure your account is still only your's. Many ISPs, hosting providers, and other organizations still allow FTP for doing site updates. A large list of such accounts was recently identified thanks to the take-down of a server used to store FTP authentication credentials collected by the Zbot trojan.

Malicious server used to propagate Zbot shut down - "A criminal operation has been halted by the shutdown of a malicious server in the Cayman Islands, but attackers are probably now looking for a new home, researchers at a U.K. security firm said this week. Prevx researchers recently discovered a site where the trojan Zbot had uploaded the FTP login credentials from more than 68,000 websites, including companies such as Bank of America, BBC, and Symantec...." [Team Cymru Internet Security News]

It is entirely possible that someone you know (because nobody who reads a security blog would ever use FTP themselves, right?... right?) is affected.