The Inquirer writes about research carried out by Google and the University of California which found more than 1.9 billion usernames and passwords available on the black market, many of which provide access to active Google accounts.
The researchers used Google's proprietary data to see whether or not stolen passwords could be used to gain access to user accounts, and found that an estimated 25 per cent of the stolen credentials can successfully be used by cyber crooks to gain access to functioning Google accounts.
Source:
Google: 25 per cent of black market passwords can access accounts
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
25 Percent of Black Market Passwords Can Access Google Accounts
(Score: 5, Informative) by Whoever on Sunday November 19 2017, @10:28PM (5 children)
Rule 1. Don't ever use your email password anywhere else.
(Score: 3, Funny) by JNCF on Monday November 20 2017, @12:42AM (2 children)
Rule 2. Choose a password that is easy to remember such as "sex", "god", or "password".
(Score: 4, Funny) by maxwell demon on Monday November 20 2017, @07:36AM (1 child)
But note that "god" is reserved for sysadmins.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Funny) by realDonaldTrump on Wednesday November 22 2017, @03:48AM
I'm not a sysadmin. I don't think I'm a sysadmin. And I use that one a lot.
(Score: 0) by Anonymous Coward on Monday November 20 2017, @01:53AM (1 child)
It's a bad idea, but if these people used U2F dongles that would make the password far less useful to anybody that steals it. They'd still have to have access to the dongle or an alternate factor to get into the account.
I have one for Gmail and Google is being a pain in the ass not letting Firefox users use U2F right now. But, still better than having to wonder if somebody has my password, which is why I got it. Haven't gotten a single warning about somebody trying to access my account since I got mine.
(Score: 2) by frojack on Monday November 20 2017, @02:47AM
Exactly.
2FA, with any method other than "text message" is the way to go.
If you don't have that, simply checking mail on your smartphone when away from your normal IP will trigger blockages by Google.
I got one of these the other day on a Gmail account that I only use for mailing lists. Why? Because I checked email with Wifi Off, and my cellular provider gated that to the internet in California while I was in Washington. Google recognized this as someone else having my password and blocked the connection.
This has driven me to add 2FA to just about every Google account as well as a couple old Yahoo accounts.
(And I have no problem using Firefox 57.0 with 2FA so....)
No, you are mistaken. I've always had this sig.
(Score: 2) by halcyon1234 on Monday November 20 2017, @04:07AM
Original Submission [thedailywtf.com]
(Score: 2) by darkfeline on Monday November 20 2017, @06:56AM (1 child)
Anything worth using has 2FA these days. Even an 8 character reasonably strong password combined with a physical token prevents all but the most targeted attacks.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Monday November 20 2017, @01:42PM
Well, except for banks, insurance companies, cell phone carriers....
(Score: 3, Interesting) by looorg on Monday November 20 2017, @09:12AM
Shouldn't the positive news be that 75% of people change their passwords? At least sometimes or when they think they have been hacked. That is a lot higher or better than I would have assumed. Either that or, well, a lot of people give out fake information to whomever was hacked and the data gathered from.