Google study reveals 25% of black market passwords can access accounts

Associating accounts to particular devices guards against hacking, says report

Google report findings: a lesson for the end user is to use two-factor authentication where available and carry out a regular password audit

Google report findings: a lesson for the end user is to use two-factor authentication where available and carry out a regular password audit

 

Following a one-year study of black-market forums where personal data is bought and sold, Google identified 788,000 potential victims of off-the-shelf keyloggers (which allow keyboards to be monitored), 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed via data breaches.

Using Google accounts as a case study, the company found that between 7 and 25 per cent of these exposed passwords matching a user’s account, making it possible for an attacker to take over their online identity.

Research backs this up: 15 per cent of internet users have reported experiencing an email or social networking account takeover at some point. The study also found that strengthening aspects of authentication does help. For example, associating a Google account to particular devices and geolocation makes it easier to spot a potential hacker.

Google also noted that it used the findings of this study to ramp up security measures on 67 million of its accounts. However, a lesson for the end user is to use two-factor authentication where available and carry out a regular password audit.

bit.ly/googleaccountsecurity