Google says account takeovers are down more than 99 percent

Share this article:

Google is crediting enhanced risk analysis efforts with lowering the number of compromised user accounts by nearly 100 percent over two years, the company announced Tuesday.

Mike Hearn, a Google security engineer, said in a blog post that new security measures, in which login attempts to accounts such as Gmail are tested against 120 variables to ensure a person is who they say they are, have reduced hijackings by 99.7 percent since a peak in 2011.

"If a sign-in is deemed suspicious or risky for some reason – maybe it's coming from a country oceans away from your last sign-in – we ask some simple questions about your account," Hearn wrote. "For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner." 

Spammers and others who seek access to accounts that aren't theirs use varying ways to do it. But Hearn pinned a brunt of the blame on hackers who have compromised websites to steal usernames and passwords. Oftentimes, web users employ the same credentials across their online accounts. So if a miscreant steals someone's login information from, for example, LinkedIn, those same credentials might work to access Gmail.

And once in their possession, attackers use automated methods to try and crack victims' accounts.

"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," wrote Hearn, who added that users should also consider using two-factor authentication as an additional protection method.

Still, the news from Google wasn't met with all praise, with some questioning the privacy ramifications of a single company knowing so much about its users.

"The flip side of Google account hijackings being down 99 percent is that Google's ability to correlate and pinpoint you is up 99 percent," Melissa Elliott, a computer security researcher, tweeted on Wednesday. "I'm not saying that's good or bad. Just that the reality is that you have to take extreme steps to be truly anonymous online."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

Woman charged with using spyware on former cop

Kristin Nyunt of Monterey, Calif., is charged with two counts of illegal wiretapping and possession of illegal interception devices and faces a sentence of up to five years in prison.