Google: There are 1.9 billion usernames and passwords on the black market [source: v3.co.uk]
by CIRT Team
Research by Google and the University of California has found that there are more than 1.9 billion usernames and passwords available on the black market, many of which can be used to access Google accounts.
According to the study, cybercriminals are gaining access to people’s passwords and flogging them on the dark web at a profit.
The researchers used Google’s proprietary data to see whether or not stolen passwords could be used to gain access to user accounts, and found that an estimated 25 per cent of the stolen credentials can successfully be used by cyber crooks to gain access to functioning Google accounts.
The researchers wanted to study the “underground ecosystem” that’s responsible for data theft. Between March 2016 and March 2017, they identified 788,000 potential victims of keyloggers and 12.4 million potential victims of phishing.
“Using this dataset, we explore to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim’s valid email credentials—and thus complete control of their online identity due to transitive trust,” the researchers wrote.
“Through a combination of password re-use across thousands of online services and targeted collection, we estimated seven to 25 percent of stolen passwords in our dataset would enable an attacker to log in to a victim’s Google account and thus take over their online identity due to transitive trust.”
“For these accounts, we show how hardening authentication mechanisms to include additional risk signals such as a user’s historical geolocations and device profiles helps to mitigate the risk of hijacking.”
Despite the threats, companies and government organisations have yet to put significant strain on these crooks.