Google teamed up with the University of California, Berkeley, to research how electronic hijackers take over Internet accounts. According to Google, more than 15% of Internet users reported the takeover of an email or social networking account (“hijacking”). The research with Berkeley involved analyzing black markets to see how hijackers steal passwords and other sensitive data.
Google identified 788,000 credentials stolen by keyloggers, 12 million credentials stolen by phishing, and 3.3 billion credentials exposed by third-party breaches. Many of the breaches involves an email address serving as both a username and password. Since Google generally requires information in addition to password to gain access to an account, Google discovered that many hijackers attempt to collect a user’s IP address and location, along with phone numbers and device make and model.
Google is implementing additional safeguards to help prevent attacks. Some of these initiatives include Safe Browsing, which alerts users before they visit a dangerous site; Advanced protection, which is extra security for high-risk accounts requiring additional credentials, and an increased use of two-factor authentication. Google also released a Security Checkup list, which can be accessed by clicking here.