Google studied how to hack an account by going to the dark web to understand how the dark side of the web works, and a security study was born
Google went to the dark web to understand how to hack an account and find appropriate security measures. Security threats like the phishing, the keylogging and the third party violations they are quite common. Google wanted to gain a better understanding of how hijackers steal passwords and other sensitive data, so it conducted an analysis of online black markets from March 2016 to March 2017 and found that among the three types, phishing is the biggest threat to online security; furthermore, together with the credential leaks, the two represent a threat “of order of magnitude greater than the keylogger".
How to hack an account, according to Google
The technology giant has discovered that, in a year of surveys carried out on the black market of cybercrime, approximately 788,000 credentials I'm been stolen through keyloggers, 12 million stolen by phishing and 3.3 billion exposed by third-party violations. A total of about 12 percent of registered cases used Gmail addresses as usernames and seven percent of those accounts reused the Gmail password for other services, making the credentials more vulnerable than others.
Security measures to avoid having an account hit
However, as Google incorporates security measures to prevent outsiders from accessing accounts, the company has also noticed increasingly sophisticated tools that can collect data other than user names and passwords. Among the phishing tools and keyloggers examined by Google, respectively, 82% and 74% have the ability to collect IP addresses; Google has also found the presence of tools able to collect telephone numbers, as well as the type of device and the model.
Hijackers can then use this information to authenticate the identities of the accounts they are stealing.
Google has studied how to crack an account, for your security
Google claims to have used the information learned from the study for improve existing protections and secured 67 million Google accounts before they were attacked "; it also launched new security features over the past year, including Advanced Protection to secure the accounts of the most vulnerable people from attacks, such as celebrities and politicians.
Although it provides extensive account protection, Google still recommends using a gpassword enerator and to activate two-factor authentication to make credentials “unphishable".