Security alert from Google: one million account credentials are stolen every month

The numbers are the results of a year-long research project analysing how cybercriminals manage to hijack user accounts by obtaining passwords and login codes. Google’s research examined three common ways hackers manage to hijack accounts between March 2016 and March 2017. Of the three, two of them – phishing and keylogging – were used by cybercriminals to steal up to 250,000 account logins every week, the tech company found.

The largest number of stolen logins that Google found for sale on black markets totalled 3.3 billion and came from third-party data breaches. In terms of risk to users, however, Google says that data breaches fall far behind phishing, where a hacker pretends to be a person or company and directly asks for user data, and keylogging, which is a more direct attack that records users when they are typing.

With more information about the user in hand, phishing and keylogging techniques are far more successful. Google says that 12-25% of the attacks recorded during its research yielded a valid password, while third-party breaches settled at 12%. Throughout the research, Google’s sources helped it identify 788,000 credentials stolen through keyloggers, and 12 million obtained through phishing.

The research has given Google some useful data that it has already put into action. Furthermore, the company recommends users to run a Security Checkup in case of worries about account’s security.