Google Says Hackers Steal Almost 250,000 Logins Each Week (cnn.com)
Google is digging into the dark corners of the web to better secure people's accounts. From a report: For one year, Google researchers investigated the different ways hackers steal personal information and take over Google accounts. Google published its research, conducted between March 2016 and March 2017, on Thursday. Focusing exclusively on Google accounts and in partnership with the University of California, Berkeley, researchers created an automated system to scan public websites and criminal forums for stolen credentials. The group also investigated over 25,000 criminal hacking tools, which it received from undisclosed sources. Google said it is the first study taking a long-term and comprehensive look at how criminals steal your data, and what tools are most popular. [...] Google researchers identified 788,000 potential victims of keylogging and 12.4 million potential victims of phishing. These types of attacks happen all the time. For example, on average, the phishing tools Google studied collect 234,887 potentially valid login credentials, and the keylogging tools collected 14,879 credentials, each week.
...until they offer us the solution of total account security through total surveillance. They can then assure us that no one is using our accounts besides ourselves and every single paying Google customer, any one of whom can watch our individual surveillance feeds for a fee.
Cloudiot: A person who does not see offsite storage as a way to lose control over access to his or her own data.
Google has a good selection of 2FA tools, be it the app (which lets you tap "yes" on your phone), their authenticator, SMS fallback, etc. I'm surprised why more people are not enabling authentication. That way, a revealed password isn't the end of the world, although stealing auth tokens can still be a valid attack, but that is a lot harder to do than a passive keylogger.
Quit being so critical. You don't like it? You go to Ars, son!
Google has a good selection of 2FA tools, be it the app (which lets you tap "yes" on your phone), their authenticator, SMS fallback, etc. I'm surprised why more people are not enabling authentication. That way, a revealed password isn't the end of the world, although stealing auth tokens can still be a valid attack, but that is a lot harder to do than a passive keylogger.
If it's that good then why isn't it on by default?
Seriously, what the fuck is wrong with technology firms? They sell these consumer electronics items and leave them wide open?
What a bunch of morons - THEY are the morons!
And if "hackers" can break into Google, I guess those Google "engineers" aren't such hot shits after all.
SMS has a big bonus though - it almost always goes to a device exclusively linked to you that you willingly carry around with you almost all the time.
In the game of social network data mining, giving someone your cell number and confirming the connection via SMS is like handing over your government ID while letting them scan your face, fingerprints, iris, retina, voice patterns, and gait.