Google Report on Account ‘Hijacking’ Shows How Hackers Gain Access
How blackhats use password breaches, phising and keylogging to hack.
Consider it a white paper on blackhats: Google announced findings this week on a major research report analyzing how hackers obtain access to personal accounts.
An estimated 15 percent of all internet users have experienced this kind of “hijacking” whether through their social media or email accounts. So the tech giant joined with researchers at the University of California, Berkeley to sift through such attacks from March 2016 to March 2017 on Google accounts.
The results were sobering: “Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging,” according to Google. “In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches.”
While keylogging — using a computer program to record every keystroke typed by a computer user to capture confidential information — is certainly a scourge for the industry, the bigger problem appears to lie in hackers’ other methods. Most ubiquitous is phishing, in which cybercriminals trick unsuspecting victims into divulging passwords and personal info by sending fake emails that seem to be from official companies asking for that information.
Then there are the breaches, such as the headline-grabbing attack on Equifax, that allow blackhats to gain access to databases full of potential marks.
Google used its findings to beef up its own internal security. The blog also suggests users visit the company’s Security Checkup site to update recovery information or use Chrome to automatically generate new passwords and then have them saved via the company’s SmartLock program.
This article was featured in the InsideHook newsletter. Sign up now.
Suggested for you