Skip to main content
close search
site logo
Dive Brief

From passwords to PII, Google account information readily available on black market

Published Nov. 10, 2017
By
Associate Editor
Flickr user Nguyen Hung Vu

Dive Brief:

  • If you reuse your passwords across accounts, this one is for you. Around 12% of records compromised by data breaches include a username or password for Gmail, and 7% of those records are valid for reuse, according to Google research of account takeover and hijacker black markets.

  • Google accounts were especially targeted by phishing and keylogger schemes from March 2016 to March 2017, and 12-25% of attacks resulted in attackers acquiring a valid password. Phishing was the biggest threat to users, followed by keyloggers and third-party breaches.

  • As platform providers beef up authentication requirements for gaining access to accounts, attackers are no longer targeting just passwords. More than 80% of blackhat phishing tools and close to three-quarters of keyloggers also tried to yield an IP address and location from their attacks, and close to 20% of attack tools yielded a phone number as well as device make and model.

Dive Insight:

Email continues to serve as the backbone of business communication, so email security needs to be at the forefront of cybersecurity teams' minds. Just ask Deloitte how many problems a hack of employee and client emails can cause especially when such a hack is performed through a single password portal that could easily be strengthened.

Increasingly sophisticated attacks and hackers certainly make it hard for platform providers to ensure best security practices. Google was able to use its research findings to secure 67 million accounts from abuse, and the company debuted a heightened protection program for Gmail users especially susceptible to personalized attacks in November.

While email providers can use encryption and other practices to secure sensitive data, ultimately the strength and security of their platform is only as strong as the weakest user. And human error has shown time and again how accidentally susceptible users are to phishing scams, ransomware and other personalized attacks.

Bill Burr, the father of modern password policies, recently said the password policies and recommendations he wrote in 2003 don't actually protect users, and the National Institute of Standards and Technology revamped best practices to remove arbitrary character and frequent reset requirements.

Making the perfect password to ward off attacks may be an impossible task, but most users should recognize that some of the onus falls on them. Among the top 10 passwords across plaintext leaks were "123456," "password," "qwerty," "abc123," "password1" and "123456789," according to Google's research.

Multifactor authentication can help reinforce access points, and the Social Security Administration and Department of Veterans Affairs have both found success in this simple security measure. However, as multifactor authentication slowly expands to include biometrics, users and providers will have to face a coming battle of how much personal information is too much to surrender for the sake of secure login

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Newgen Recognized in Gartner® Magic Quadrant™ for Enterprise Low-code Application Platforms Fi…
From Newgen Software
October 30, 2024
Cosentino Drives Business Transformation with AI Powered by Celonis Process Intelligence
From Celonis
October 23, 2024
Productboard Launches AI-Powered Productboard Pulse To Integrate Voice of Customer Into Produc…
From Productboard
October 29, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell