Google Presents New Research on Understanding the Root Cause of Account Takeover
Account takeover, or ‘hijacking’, is a common problem faced by users across the world. According to Google, “more than 15% of Internet users have reported experiencing the takeover of an email or social networking account. However, despite its familiarity, there is a dearth of research about the root causes of hijacking.”
To better understand how accounts are taken over by hijackers in the real world, Google partnered with the University of California, Berkeley. In a blog post, Google said: “From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data.”
According to Google, phishing attacks through fake emails are the greatest threat to people, followed by keyloggers and then third-party breaches.
Talking about the new insights resulting from the research effort, Google says:
“Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging. In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches.
While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12% of the exposed records included a Gmail address serving as a username and a password; of those passwords, 7% were valid due to reuse. When it comes to phishing and keyloggers, attackers frequently target Google accounts to varying success: 12-25% of attacks yield a valid password.
However, because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity. We found 82% of blackhat phishing tools and 74% of keyloggers attempted to collect a user’s IP address and location, while another 18% of tools collected phone numbers and device make and model.
By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.”