Your social media secrets may not be safe as nearly two million Facebook, Twitter, Google, Yahoo and other websites' usernames and passwords have been stolen.

According to Trustwave, a cyber security firm, hackers stole data from these popular sites via a keylogging software named Pony that was installed maliciously on an unknown number of computers around the world. For a month, the virus stole the log-in information from various websites and sent them to a server that is owned by the hackers.

Here is the breakdown of which accounts were affected the most:

  • 318,000 Facebook accounts
  • 70,000 Google accounts, including Gmail, YouTube and Google+
  • 60,000 Yahoo accounts
  • 22,000 Twitter accounts
  • 9,000 accounts from Russian social network Odnoklassniki

"We don't have evidence they logged into these accounts, but they probably did," John Miller, a security research manager at Trustwave, said.

Trustwave found the hackers' server on Nov. 24 in the Netherlands. Log in information for over 93,000 websites were stored on the server.

"It was the individual users' computers that had the malware installed on their machine," Miller told ABC News.

According to Miller, it is likely that the hackers created Pony in order to make money.

"These passwords were never publicly posted," he said. "We can't say for sure, but [the hackers] were probably going to sell them."

Miller says that those who were affected will be instructed to reset their log in information upon logging in to the affected site.

On Tuesday, Trustwave wrote a blog post with a breakdown and analysis of the hackers' stolen information. The data showed how simple passwords tend to be, making them easy targets for hacking.

"For a better password, we recommend a mix of uppercase, lowercase, numbers and special characters," Miller explained. "We also recommend using longer passwords or 16 or more characters, as well as using different passwords on different websites."