"Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging", said Google. Following a year-long study by Google and UC Berkeley, we know that data breaches are the most popular method of stealing users' credentials, but phishing scams are more unsafe because of the extra information that's exposed. More than 15 percent of daily internet users have reported that they have faced the same problem with their email or social media account.
From March 2016 to March 2017, Google and UCB trawled public and private hacker forums and paste sites to search for stolen log-in names, passwords, and other account details.
"Visit Google's Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock", they concluded.
Google says that phishing attacks pose the "greatest threat" to users of its services.
Despite its warnings about phishing and keylogging attacks, Google also found that 12 per cent of the 3.3 billion leaked records included a Gmail address, and seven per cent of the passwords linked to these were valid, due to the account owners reusing them.
Google presented their findings during the Conference on Computer and Communications Security (CCS), a full copy is available online.
A new Google study has revealed that attempts to obtain sensitive information, such as bank account details, ID and password by using fake emails, followed by key-loggers and third-party breaches, have increased globally and became a major threat to humankind. A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks - not data breaches - pose the most risk to users when it comes to lost access. The research revealed that hackers usually employ two tools to take over Gmail accounts: malicious software and phishing techniques. Google pats itself on the back in its blog post, but the underlying message for Google account holders is to take advantage of the security tools that the company provides.
"We prevent or undo actions we attribute to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state".
While Google accounts were used as a case-study, the tactics employed by these cyber criminals could be used to gain access to other online accounts as well.
Google claims that these findings helped them secure 67 million Google accounts from being abused.