Google Password Theft

A password used to serve as a measure to ensure that your Web account is safe from hacking.

Well, not anymore, according to Google anti-abuse researcher Kurt Thomas.

No Longer A Paradigm

Passwords are no longer a paradigm that you can no longer trust in,” Thomas told Mashable.

Thomas’s statement comes after researchers of the Internet search giant conducted a year-long study into how hackers filch passwords and expose them.

In conducting the study, Google worked with University of California Berkeley cybersecurity experts to track hacking activities and came out with the results on Thursday.

The study’s abstract said: “In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential (username and password) theft and assess the risk it poses to millions of users.”

Over the course of March 2016–March 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and

1.9 billion usernames and passwords exposed via (third-party) data breaches and traded on black market forums.”

Thomas explained that with the study, they are “providing solid evidence about how this (referring to password theft) is going on in the wild.”

He said they discovered that most passwords “are obtained through “deceptive e-mail phishing and ‘third-party breaches,’ such as hackers scraping passwords from a massive corporation like Equifax.”

Passwords are attractive to hackers because a Google account password, for example, can allow access to a person’s email and other accounts.

It’s the key to the kingdom. Accounts are incredibly valuable to hijackers. There’s an incredible effort they’re putting into getting access to your email,” Thomas emphasized in the Mashable interview.

Password Managers

Thomas said to prevent hackers from stealing your password in any of your Web accounts; he suggested using “reputable password managers.”

He also recommended the use of different passwords across all accounts.

What’s Next?

Google’s study shows how credential theft is carried out.

What are your thoughts on Google’s study? Share them by commenting below.