Top 9 Highlights Of Google’s Study On Leaked Credentials

This blog is based on a study of leaked credentials published by Google together with researchers from the University of California, in the research paper titled “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials.”

The researchers collected data from March 2016 to March 2017. They identified:

  • 788,000 potential victims of off-the-shelf keyloggers;
  • 12.4 million potential victims of phishing kits;
  • 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums.

Key Highlights (Google’s Study On Leaked Credentials):

1- More Than 20% Of Users Were Affected:

As per the study, 7–25% of exposed passwords match a victim’s Google account.

Separately, in a 2014 study by Shay et al., 30% of 294 participants reported having at least one of their accounts compromised.

2- Phishing Is A Main Source Of Leaked Credentials

According to the study (using Google as a case study), phishing produced the highest rate of leaked credentials that still worked: 25% of phishing victims had their current Google password exposed, compared to 12% of keylogger victims and only 7% of victims in third-party data breaches.

3- Phishing Has The Highest Rate Of Successful Hijacking

The study also found that victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. This rate falls to 10x for data breach victims and roughly 40x for keylogger victims.

4- Password Reuse Has Caused A Lot Of Harm

As for the re-use rate in credential leaks, the research identified a current password match rate of 6.9% to 7.5%.

As stolen credentials become stale over time, the research finds that credential leaks dating back to 2012–2014 may underestimate the risk of password re-use.

[Figure: Heatmap of password re-use rates, comparing leaks pairwise]

The study found that 17.0% of the 22 million email addresses in multiple leaks re-used a password at least once.

Another study by Das et al. examined the password strategies of users who appeared in multiple credential leaks and estimated that 43% of passwords were re-used, while Wash et al. found that users re-used 31% of their passwords, based on a study of 113 participants.
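An added example, not from the study or the original post: one way to compute the two re-use figures discussed above, a re-use rate for each pair of leaks and the share of multi-leak email addresses that re-used a password at least once. The leak names, credentials and function names are constructed, and the definition of the pairwise rate (identical password among addresses present in both leaks) is an assumption.

```python
from itertools import combinations

# Constructed sample data: leak name -> {email: password}. Not real credentials.
# Assumption: passwords are comparable as-is (plaintext or the same unsalted hash).
LEAKS = {
    "leak_a": {"ann@example.com": "sunshine1", "bob@example.com": "qwerty",
               "cat@example.com": "Tr0ub4dor"},
    "leak_b": {"ann@example.com": "sunshine1", "bob@example.com": "hunter2",
               "dan@example.com": "letmein"},
    "leak_c": {"ann@example.com": "correct-horse", "bob@example.com": "qwerty",
               "cat@example.com": "zxcvbn"},
}


def pairwise_reuse(leaks):
    """Per pair of leaks: share of shared emails that carry an identical password."""
    rates = {}
    for a, b in combinations(sorted(leaks), 2):
        shared = leaks[a].keys() & leaks[b].keys()
        if not shared:
            rates[(a, b)] = None  # no overlapping users: the rate is undefined
            continue
        same = sum(1 for email in shared if leaks[a][email] == leaks[b][email])
        rates[(a, b)] = same / len(shared)
    return rates


def multi_leak_reuse_rate(leaks):
    """Share of emails seen in two or more leaks that re-used a password at least once."""
    seen = {}
    for creds in leaks.values():
        for email, password in creds.items():
            seen.setdefault(email, []).append(password)
    multi = [pws for pws in seen.values() if len(pws) >= 2]
    if not multi:
        return 0.0
    # A duplicate in the list means the same password appeared in two leaks.
    reused = sum(1 for pws in multi if len(set(pws)) < len(pws))
    return reused / len(multi)


if __name__ == "__main__":
    for pair, rate in pairwise_reuse(LEAKS).items():
        print(pair, "n/a" if rate is None else f"{rate:.1%}")
    print(f"multi-leak re-use: {multi_leak_reuse_rate(LEAKS):.1%}")
```

Each value in the `pairwise_reuse` result corresponds to one cell of a pairwise heatmap; pairs with no shared addresses are reported as undefined rather than 0%.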

 

 


5- The Top 10 Hacking Tools Used:

[Table: Top 10 phishing kits and the brands they target, ranked by number of potential victims]

[Table: Top 10 keylogger families, ranked by the number of potential victims]

6- More Than 90% Of Leaked Credentials Are From Sources Not Indexed By Google

According to the research, more than 93% of records were collected from the deep or dark web, where the Google crawler can’t reach.

7- People Were Using Plain Text Passwords Which Are Easy To Hack

[Table: Top 10 plain text passwords used by victims]

8- Credit Card/Financial Information Was Targeted:

The research found that in most cases hackers searched the email history of accounts for financial information. Only a smaller set used the account for spamming. A variety of strategies have been used for monetizing stolen credentials: spam, financial fraud, and stepping-stone access to other accounts.

The study found that some phishing kits and keyloggers were stealing additional information besides usernames and passwords.

9- 3rd Party Breaches Caused The Majority Of Leaked Credentials:

For credential leaks, the study found that none of the leaked credentials originated from a breach at an email provider (to Google’s knowledge). All email addresses were exposed due to a third-party breach where the company used email addresses as identifiers.

[Table: Distribution of email providers used, by percentage of victims of credential leaks, phishing kits, and keyloggers]