Recently, the search giant Google published the result of a study on Internet security and theft of credentials. In between March 2016 and March 2017, phishing and keylogging tools were used to steal an average of 248,000 accounts every week.
Google: Hackers Steal Almost 250,000 Accounts Every Week
In partnership with the University of California at Berkeley, Google published the result of a study on Internet security and theft of credentials – log in and password – from people across the world.
The study observed and reported 25,000 different tools used for the most diverse scams on the internet, from phishing to security breaches. In all, researchers at Google and Berkeley have identified more than 3.3 billion stolen credential that was exposed by third-party breaches.
In between March 2016 and March 2017, phishing and keylogging tools were used to steal an average of 248,000 accounts every week. In other words, there are approximately 1 million credentials stolen per month.
Most of the stolen accounts, however, were left in the hands of hackers because of leaks and security breaches at some giant companies Equifax, Yahoo, and other.
According to Google, the significant risk to users lies in tools that attack them directly, such as phishing scams and keylogging. In the first, a hacker uses social engineering tricks to pass himself off as a trustworthy company or person, and thus steal credential data from users. In the second, malicious code registers the keys that the victim types when accessing a service.
In every case, a negligence of the user is all that the hacker needs to have access to the account. By phishing and keylogging, an attacker is more likely to hijack an account because, with this extra information, it may well cross the boundaries of a two-step authentication system.
Of the 3.3 billion stolen accounts the researchers found, 788,000 were obtained through keylogging and 12 million were through phishing. After the study, Google says it has prevented 67 million Google accounts from being abused. The company recommends users to protect themselves by using the personalized account security checkup.
So, what do you think about this? Share your views in the comments below.