The tech titan found 788,000 credentials that were stolen via keyloggers, 12 million stolen via phishing and 3.3 billion exposed by third-party breaches within a year of investigating black markets. A total of 12 percent of the exposed records it found used Gmail addresses as a username, and seven percent of those accounts reused the Gmail password for other services, making them more vulnerable than the others.
Howevever, since Google incorporates safety measures to prevent strangers from logging into your account, the company also saw increasingly sophisticated tools capable of collecting data other than usernames and passwords. Among the phishing tools and keyloggers Google examined, 82 percent and 74 percent, respectively, have the capability collect IP addresses. It also found tools that can collect phone numbers, as well as devices’ make and model. Hijackers can then use those info to authenticate the identities of the accounts they’re stealing.
Mountain View says it applied what it learned from the study to its “existing protections and secured 67 million Google accounts before they were abused.” It launched new security features over the past year, as well, including Advanced Protection to secure the accounts of people most likely to be hacked, such as celebrities and politicians. Despite providing ample protection for your accounts, Google still recommends using a password generator and activating two-factor authentication to make your credentials “unphishable.”