1 million account logins and passwords are stolen every month,says google

Google has delved into the darker parts of the internet as part of a year-long research project analysing how cybercriminals manage to hijack user accounts by obtaining passwords and login codes.

In collaboration with the University of California, Berkeley, Google’s research examined three common ways hackers manage to hijack accounts between March 2016 and March 2017. Of the three, two of them – phishing and keylogging – were used by cybercriminals to steal up to a staggering 250,000 account logins every week, Google found.

That’s around one million account credentials that are potentially stolen every month. Let that sink in.

The largest number of stolen logins that Google found for sale on black markets came from third-party data breaches. This totalled 3.3 billion which sounds like an incredible figure at a glance, but considering the scale of recent breaches from Yahoo, MySpace, Equifax, and LinkedIn, the number isn’t all that surprising.

In terms of risk to users, however, Google says that data breaches fall far behind phishing, where a hacker pretends to be a person or company and directly asks for user data, and keylogging, which is a more direct attack that records users when they’re typing.

This is particularly true for Google accounts, the search giant explains. While data breaches are usually restricted only to passwords – which isn’t enough to bypass Google’s security prevention systems – phishing and keylogging tools often hunt for more personal data.