Google Says Nearly 250,000 Web Logins Hijacked Each Week

[monkeymagick]

Researched conducted by Google has found that hackers steal almost 250,000 web logins weekly (warning auto-play video). Partnered with UC Berkley, the hijackings were investigated for a year between March 2016 and March 2017. The researchers developed an automated system to scan all sorts of nooks and crannies of the internet looking at how the data was stolen and the tools used by the criminals. The revelation of victims still falling for phishing scams and keyloggers all the time is not too surprising.

More of information on the study can be read at Google's security blog post found here.

Data breaches, such as the recent Equifax hack, are the most common ways hackers can get your data. In one year, researchers found 1.9 billion usernames and passwords exposed by breaches. The company continued to study this through September 2017 and found a total of 3.3 billion credentials.

 

[bigstusexy]

I can't be too happy with Google and security. Because I am an admin for a school and I use a web filter that relies on SSL inspection via MitM, however Google becomes suspicious of our traffic and breaks that. However I cannot get any information on whats causing this to fix it. Nothing at all. The most I hear is that I won't be told because if attackers knew what they were watching for they'd hide it. This is not acceptable as it is telling me I have an issue, I should fix it but not even telling me what my problem is.

 

[GNUse_the_force]

I can't be too happy with Google and security. Because I am an admin for a school and I use a web filter that relies on SSL inspection via MitM, however Google becomes suspicious of our traffic and breaks that. However I cannot get any information on whats causing this to fix it. Nothing at all. The most I hear is that I won't be told because if attackers knew what they were watching for they'd hide it. This is not acceptable as it is telling me I have an issue, I should fix it but not even telling me what my problem is.

So Google should break or release data on their security features that protect hundreds of millions of users so you can see what little Jimmy and Jane are looking at online during school hours.

Have you considered writing a strongly worded letter to them ?

 

[bigstusexy]

This isn't about what someone is looking at.
Google becomes suspicious of our activity, causing a prompt to verify you're human. If I get that page and look at the other info they suggest things like malicious traffic. However they don't tell you what exactly, I could have a bot on my network zero info and yes, this breaks other things.
It could also be false positives.

I wouldn't care if I had to mirror my connection, boot up a locked down Google Linux distro, put in an incident ID, let them sniff my traffic and they even only tell me what Internal IPs they suspect that would be something.

I've gotten security notices before, from other network operators and systems, and they contain useful information and what they suspect if not exactly what they see.

The problem is when you graduate from using Google as a home user to a business they don't respond that well. Even calling for support for G-Suite is rough as you have to go through specific links to get to an support number; you'll find many pages giving you the list of pages to step through while looking for the one page to start on instead of just linking to that page.