How To Secure Yourself From Username And Passwords’ Thieves – Google Report


Google and Berkeley researchers published the study focusing on the data breaches, phishing and malware that are used to steal passwords and usernames.


The main cause

According to the report, there are nearly 1.9 billion stolen passwords and usernames available on the black market forums. Up to 25% of them still can be used to access Google accounts.

As researchers write, the main reason for such data leaks is that a great number of people reuse their accounts passwords at different services and platforms such as MySpace or LinkedIn. It allows hackers to simply try all the breached passwords on Google, hoping that some would work, and get an access to your email.

“Through a combination of password re-use across thousands of online services and targeted collection, we estimated 7–25% of stolen passwords in our dataset would enable an attacker to log in to a victim’s Google account and thus take over their online identity due to transitive trust.”


Sources of  breaches

Among the services in the database of usernames and associated password data breached there are also Adobe, Tumblr, Dropbox and others.


Source: Google Report

Previously, it was reported about other huge hacks caused by multiple using the same password.

Thus, Facebook CEO Mark Zuckerberg used the same password — “dadada” — for his Twitter and Pinterest accounts, which were briefly taken over in 2016 by hackers calling themselves the OurMine team.

OurMine, reportedly using stolen passwords, also targeted Google CEO Sundar Pichai, actor Channing Tatum, and Amazon CTO Werner Vogels.

Malware, phishing tools and keyloggers – what are they?

Another issue in the research is the specific malware and phishing tools that are used for stealing data. They may secretly record what is typing or include links in fake emails so a user will type passwords into the sketchy site. There are 12.4 million potential victims of these kits, write the researchers.

Another hacker’s’ tools are different “keyloggers” – the specific kind of software which runs on a victim’s computer and sends information back to an attacker. The most popular keyloggers are “HawkEye” or “Cyborg Logger.”

How to secure your data?

The researchers give recommendations for companies and users how to protect yourself from such attacks. First of all, you should change your passwords that duplicate on different websites and services. The easiest way is to use a password manager – a free online service that creates random passwords. So if one site is breached, then hackers don’t have access to your other accounts, especially your email.

Another easy thing to do is to not use an insecure password, especially one of the most commonly used passwords like “123456” or “abc123”.


Source: Google Report

By the way, the Americans are four times more worried about getting hacked than murdered.

Also read other hot stories:

Like this post? Let us know!
  • CoolAF (0%)
  • Cool (0%)
  • Whatever (0%)
  • Boring (0%)
  • WTF (0%)
No tags for this post.

More News from Nexter