Google has issued the terrifying warning that hackers can easily access “billions”’ of people’s usernames and passwords through the black market.
New research done by the technology giant and the University of California discovered that anyone who has an email account can be at risk of what they describe as a “triple-threat attack.”
The researchers have, in fact, identified 788,000 “credentials” stolen using tools that track users’ keyboard strokes.
Then there’s the trick used on nearly 12 million users where crooks deceived people into typing their account details by sending them links to re-set their password or pretend to be a popular brand like eBay, Amazon or a bank as reputable as Barclays.
The deceptive method is called “phishing” and is actually not easy to detect because emails may appear in the inbox as convincing-looking receipts for purchases that a user may not have completed yet.
There are still those who fall for what appears to be a convincing Amazon “thank you for your purchase” email which asks a user to click on a link in order to cancel the order. The catch is, there was never an order in the first place.
Google believes there are a shocking 3.3 billion passwords and usernames out in the wild due to the number of data breaches.
Since a password is rarely sufficient to crack one’s email account, sophisticated attackers are also trying to collect sensitive information needed to verify one’s identity.
Regarded as “Google sleuths”, Kurt Thomas and Angelika Moscicki said they found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location. They also found another 18 percent of tools collected phone numbers and device make and model.”
The pair said that what is certain is that enterprising hijackers are constantly searching for, and are able to find, billions of different platforms, usernames, and passwords on black markets.
The researchers recognize the need to continuously “evolve their defense” to stay ahead of the bad guys.