It seems like no longer can our passwords be the safe word that we take refuge in. Around 15 percent of the internet users have complained about their mail or social media accounts being hacked by unknown sources. In order to look into the matter, Google assigned a research team to find out how these accounts are being hacked. The Google research team collaborated with the cyber security experts from the University of California Berkeley.
What’s the findings?
The research that started in the March of 2016 was finally concluded this year and the results were made public over the weekend. Google and UC Berkeley investigated several black markets in order to observe how passwords and sensitive data is stolen by the hijackers. The Google research results showcased that most of the account details were hacked through phishing. The remaining two methods were keyloggers and third-party security breaches.
Phishing is when hackers mail people, posing as a reputed company, and ask for your email or credit card information. Keyloggers is a tool used by many hackers to record the keys pressed into the computer while logging in.
Kurt Thomas, Google anti-abuse researcher said to Mashable, “There’s a lot of anecdotes about how accounts are being hijacked and we’re providing solid evidence about how this is going on in the wild.”
Let’s talk numbers
Google research stated that most of the passwords they acquire, are through deceptive e-mail phishing or third-party breaches. The figures revealed from the one year research are quite staggering. 12.4 million credentials were obtained through phishing, 788,000 victims were hacked through keylogger and 1.9 billion credentials were stolen during third party breaches. Hackers hack into so many accounts because they are viewed as “attractive commodity” on the black market. The Google mail id and password allows other to access not only your mails but also Google Drive, documents, etcetera. The researchers have stated that there are over 1.9 billion usernames and passwords on the black market forums.
Thomas remarked, “It’s the key to the kingdom.” He further added, “Accounts are incredibly valuable to hijackers. There’s an incredible effort they’re putting into getting access to your email.”
The Google research advises us to make use of two-factor authentication. For this, users require a special security key or even a code that is messaged directly to them. The researchers also recommend that people use different passwords for different accounts. This is because in case one of the accounts are hacked into, the others are not compromised. Another suggestion is to make use of a complex password and not something as insecure as “12345.” The research is more of an eye opener to those who tend to easily get fooled by any mails. Although it may look attractive at first, it might be the scariest thing you could be getting into.