Google reveals results of password theft study with UC Berkeley

A password used to serve as a measure to ensure that your Web account is safe from hacking.

Well, not anymore, according to Google anti-abuse researcher Kurt Thomas.

No longer a paradigm

“Passwords are no longer a paradigm that you can no longer trust in,” Thomas told Mashable.

Thomas’ statement comes after researchers of the Internet search giant conducted a year-long study into how hackers filch passwords and expose them. In conducting the study, Google worked with the University of California, Berkeley cybersecurity experts to track hacking activities and came out with the results last week.

The study’s abstract said: “In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential (username and password) theft and assess the risk it poses to millions of users.”

“Over the course of March 2016–March 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via (third-party) data breaches and traded on black market forums,” the study noted.

Thomas explained that with the study, they are “providing solid evidence about how this (referring to password theft) is going on in the wild.” He said they discovered that most passwords “are obtained through “deceptive e-mail phishing and ‘third-party breaches,’ such as hackers scraping passwords from a massive corporation like Equifax.”

Passwords are attractive to hackers because a Google account password, for example, can allow access to a person’s email and other accounts.

“It’s the key to the kingdom. Accounts are incredibly valuable to hijackers. There’s an incredible effort they’re putting into getting access to your email,” Thomas emphasized in the Mashable interview.

Password managers

Thomas said to prevent hackers from stealing your password in any of your Web accounts; he suggested using “reputable password managers.”

He also recommended the use of different passwords across all accounts.

 

—

DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.

Featured image via DepositPhotos.