This blog post is based on Google's study of leaked credentials, published by Google together with researchers from the University of California in the research paper titled “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials”.
The researchers collected data over the course of March 2016 to March 2017. They identified:
- 788,000 potential victims of off-the-shelf keyloggers;
- 12.4 million potential victims of phishing kits;
- 1.9 billion usernames and passwords exposed via data breaches and traded on black-market forums.
Key Highlights (Google’s Study On Leaked Credentials):
1- More Than 20% Of Users Were Affected:
As per the study, 7–25% of exposed passwords match a victim's Google account.
Also, as per another study by Shay et al. in 2014, 30% of 294 participants reported having at least one of their accounts compromised.
2- Phishing Is A Main Source Of Leaked Credentials
As per the study (using Google as a case study), phishing was found to be the largest source of leaked credentials: 25% of phishing victims had their current Google password exposed, compared to 12% of keylogger victims and only 7% of victims of third-party data breaches.
3- Phishing Has The Highest Success Rate Of Successful Hijacking
It was also found that victims of phishing are 400x more likely to be successfully hijacked than a random Google user. This rate falls to roughly 40x for keylogger victims and 10x for data breach victims.
4- Password Reuse Has Caused A Lot Of Harm
Turning to the re-use rate of leaked credentials, the research identified a current password match rate of 6.9% to 7.5%.
Since stolen credentials become stale over time, the researchers note that credential leaks dating back to 2012–2014 may underestimate the risk of password re-use.
[Figure: Heatmap of password re-use rates, comparing leaks pairwise.]
The study found that 17.0% of the 22 million email addresses appearing in multiple leaks re-used a password at least once.
Another study, by Das et al., examined the password strategies of users who appeared in multiple credential leaks and estimated that 43% of passwords were re-used, while Wash et al. found that users re-used 31% of their passwords, based on a study of 113 participants.
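The re-use figures above come from comparing the same email address across different leak dumps and checking whether the password repeats. The following Python snippet is an added illustration of that measurement, not code from the original post or from the paper: it takes a few constructed (hypothetical) leak records, keeps only a SHA-256 fingerprint of each password, and computes both the overall "re-used at least once among multi-leak emails" rate and the pairwise per-leak re-use matrix that a heatmap like the one above visualises. The leak names, email addresses and passwords are all made up for the example.

```python
import hashlib
from collections import defaultdict
from itertools import combinations

# Constructed sample leaks (hypothetical, not real data). Each leak maps an
# email address to the plaintext password as it would appear in a dump.
LEAKS = {
    "leakA": {
        "alice@example.com": "Summer2016!",
        "bob@example.com": "hunter2",
        "carol@example.com": "qwerty",
        "dave@example.com": "letmein",
    },
    "leakB": {
        "alice@example.com": "Summer2016!",
        "bob@example.com": "hunter2",
        "carol@example.com": "qwerty2016",
        "erin@example.com": "password1",
    },
    "leakC": {
        "alice@example.com": "Summer2017!",
        "carol@example.com": "qwerty",
        "erin@example.com": "password2",
        "frank@example.com": "123456",
    },
}


def fingerprint(password):
    # Keep only a hash so the analysis never needs to retain plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_index(leaks):
    # email -> {leak_name: password fingerprint}; emails are case-folded
    # so the same account is not counted twice because of capitalisation.
    index = defaultdict(dict)
    for leak_name, records in leaks.items():
        for email, password in records.items():
            index[email.strip().lower()][leak_name] = fingerprint(password)
    return index


def reuse_stats(leaks):
    """Share of emails seen in >= 2 leaks whose password repeats in >= 2 of them."""
    index = build_index(leaks)
    multi = {e: f for e, f in index.items() if len(f) >= 2}
    reused = 0
    for per_leak in multi.values():
        fps = list(per_leak.values())
        if len(set(fps)) < len(fps):  # identical fingerprint in two or more leaks
            reused += 1
    rate = reused / len(multi) if multi else 0.0
    return {"multi_leak_emails": len(multi), "reused": reused, "reuse_rate": rate}


def pairwise_reuse(leaks):
    """Heatmap cell for each leak pair: fraction of shared emails with the same password."""
    index = build_index(leaks)
    cells = {}
    for a, b in combinations(sorted(leaks), 2):
        shared = [e for e, f in index.items() if a in f and b in f]
        same = sum(1 for e in shared if index[e][a] == index[e][b])
        cells[(a, b)] = (same / len(shared)) if shared else None  # None: no overlap
    return cells


if __name__ == "__main__":
    stats = reuse_stats(LEAKS)
    print(f"{stats['reused']}/{stats['multi_leak_emails']} multi-leak emails "
          f"re-used a password ({stats['reuse_rate']:.1%})")
    for (a, b), frac in pairwise_reuse(LEAKS).items():
        print(f"{a} x {b}: {'n/a' if frac is None else f'{frac:.1%}'}")
```

In the constructed data, four addresses appear in more than one leak and three of them repeat a password, so the overall rate is 75%; the pairwise cells differ (67%, 50% and 0%), which is exactly the information the heatmap conveys: re-use is concentrated between some pairs of sources and absent between others. On a real dump the same approach would be run on hashed fingerprints produced at ingest so that plaintext never has to be stored.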
5- The Top 10 Hacking Tools Used:
[Table: Top 10 phishing kits and the brands they target, ranked by number of potential victims.]
[Table: Top 10 keylogger families, ranked by the number of potential victims.]
6- More Than 90% Of Leaked Credentials Come From Sources Not Indexed By Google
According to the research, more than 93% of records were collected from the deep or dark web, where Google's crawler can't reach.
7- People Were Using Plain Text Passwords Which Are Easy To Hack
The following table gives a picture of the top 10 plaintext passwords used by victims:
[Table: Top 10 plaintext passwords used by victims.]
8- Credit Card/ Financial Information Was Targeted:
The research found that in most cases the hijackers searched the account's email history for financial information; only a smaller set used the account for spamming. A variety of strategies were used to monetize stolen credentials: spam, financial fraud, and stepping-stone access to other accounts.
The study also found that some phishing kits and keyloggers stole additional information beyond usernames and passwords.
9- Third-Party Breaches Caused The Majority Of Leaked Credentials:
For credential leaks, the study found that none of the leaked credentials originated from a breach at an email provider (to Google's knowledge). All email addresses were exposed through third-party breaches at companies that used email addresses as identifiers.
The following table shows the distribution of email providers used by victims of credential leaks, phishing kits, and keyloggers, as a percentage of victims.
[Table: Email providers used by victims of credential leaks, phishing kits, and keyloggers, by percentage of victims.]