Google reveals how hackers break into people’s Gmail accounts

'What we learned from the research proved to be immediately useful'

Aatif Sulleyman
Friday 10 November 2017 17:44
Comments

Google says that phishing attacks pose the “greatest threat” to users of its services.

The company has studied the ways in which hackers steal people’s passwords and break into their accounts.

In the space of 12 months, it found 788,000 login credentials stolen via keyloggers (tools that secretly record every key you press), 12 million stolen via phishing (a method of tricking you into giving up your personal information), and 3.3 billion exposed by third-party data breaches.

According to the company, 12-25 per cent of phishing and keylogger attacks against Google accounts result in a valid password being exposed.

However, attackers are going further than this. They’re using tools that also attempt to work out targets’ phone numbers, IP addresses, device types and locations, in case a password isn’t enough to successfully hijack an account.

“By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches,” said Google.

It added, “What we learned from the research proved to be immediately useful. We applied its insights to our existing protections and secured 67 million Google accounts before they were abused.”

Google teamed up with UC Berkeley for the research, in which they analysed “several black markets” that traded third-party password breaches and 25,000 blackhat tools used for phishing and keylogging, between March 2016 and March 2017.

Despite its warnings about phishing and keylogging attacks, Google also found that 12 per cent of the 3.3 billion leaked records included a Gmail address, and seven per cent of the passwords linked to these were valid, due to the account owners reusing them.

“Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets,” said Google.

While the study focused on Google accounts, the company warned that these hijacking tactics pose a risk to accounts across all other online platforms too.

Google recommends protecting yourself by visiting its Security Checkup page and allowing Chrome to automatically generate passwords for your accounts and save them via Smart Lock.

“Finally, we regularly scan activity across Google’s suite of products for suspicious actions performed by hijackers and when we find any, we lock down the affected accounts to prevent any further damage as quickly as possible,” the company added.

“We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in