Google reveals users risk safety by re-using unsafe passwords for financial, email accounts

If people use strong, unique passwords for all their accounts, the risk disappears.

Google reveals users risk safety by re-using unsafe passwords for financial, email accounts
NEW DELHI: Many people re-use breached, unsafe credentials for sensitive financial, government and email accounts, putting their account at risk of hijacking by cyber criminals, according to tech giant Google. In a recent blogpost, Google said hijackers routinely attempt to sign in to sites across the web with credentials exposed by third-party breaches.

If netizens use strong, unique passwords for all their accounts, this risk disappears, it said.

"Based on anonymous telemetry reported by the Password Checkup extension, we found that users reused breached, unsafe credentials for some of their most sensitive financial, government, and email accounts," it added.


Cyber attackers often have wide-scale access to billions of stolen usernames and passwords.

The risk, as per Google, was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites.

"In fact, outside the most popular web sites, users are 2.5X more likely to reuse vulnerable passwords, putting their account at risk of hijacking," the blogpost said.
ADVERTISEMENT

In February, Google had announced the Password Checkup extension for Chrome. This extension displays a warning when a user signs in to a site using one of the over four billion usernames and passwords that Google knows to be unsafe due to a third-party data breach.

Facebook Data Breach Making Headlines, Here's How Other Scandals Began
1/6
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches.
(Image: Twitter/@AleksandrBKogan)
The Facebook leak was traced back to Aleksandr Kogan, an academic at Cambridge university. Here is the root of other such worldwide breaches. (Image: Twitter/@AleksandrBKogan)
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russian and Ukrainian gang hacked into the records for over seven years, breaching 8,00,000 bank accounts and stealing more than 160 million credit and debit card numbers. While his colleagues did the hacking, 32-year-old Russian Roman Kotov was charged with mining the data.
In 2012, companies like Visa Inc licensee, J C Penney Co, JetBlue Airways Corp and French retailer Carrefour SA were attacked by hackers, resulting in a collective loss of up to $300 million. A Russi..
Read More
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to change their passwords, but said that financial information was stored separately and hence, remained safe. One mind boggling detail is that the unknown hackers had access to eBay’s accounts for 229 days.
While eBay’s database was hacked earlier in 2014, the news came out only in May that year. The online auction house went into damage control. Its then CEO John Donahue asked 145 million users to chan..
Read More
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data breach, where hackers stole more than 130 million credit and debit card numbers from the payment processing system in 2008. College dropout Gonzalez used several screen names like ‘soupnazi’ (a reference to the popular Seinfeld episode), ‘kingchilli’ and ‘cumbajohny’ in the TJX hack. While Gonzalez was arrested in a Miami hotel, officials found $1.6 million in cash hidden in plastic bags in a drum buried at his parent’s backyard. The soupnazi was sentenced to 20 years in prison in 2010.
In 2007, more than 94 million customer accounts belonging to the department store group TJX were compromised. The man behind it, Albert Gonzalez, was also indicted in the Heartland Payment’s data bre..
Read More
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in 2014, when just one user at an Anthem subsidiary opened a phishing email. It gave access to the company’s warehouse. In 2017, Anthem reached a settlement of $115 million — the money will reportedly be used to pay for an additional two years of credit monitoring for the breach’s victims.
The personal records of over 78 million customers were stolen in 2015 from American health insurance giant Anthem. Investigators suspected China’s role in the breach. Apparently, the hack happened in..
Read More
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incident in 2016, a hacker called Peace put up the company’s user information for sale in the darknet market site, The RealDeal. The news affected Verizon’s takeover of the company, knocking off $350 million from the sale price. Verizon bought out Yahoo in June 2017.
Literally every single Yahoo user account was hacked into. In September 2017, Yahoo confirmed that all of its three billion accounts were exposed as part of an August 2013 breach. In a separate incid..
Read More

Google said in the first month alone, it scanned 21 million usernames and passwords, and flagged over 3,16,000 accounts as unsafe - which was 1.5 per cent of the sign-ins scanned by the extension.

The tech giant has added two new features for the Password Checkup extension.

ADVERTISEMENT
It is adding a direct feedback mechanism where users can inform the company about any issues that they are facing via a quick comment box.

The second features is aimed at giving users more control over their data, the blogpost said.

ADVERTISEMENT
It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage, the blogpost said.

"By design, the Password Checkup extension ensures that Google never learns the username or password of the user, regardless of whether they enable telemetry, but we still want to provide this option if users would prefer not to share this information," it added.

Facebook, Twitter Instagram: Tips & Tricks To Keep Social Media Private
1/9

It seems counter intuitive – after all, social media helps you share your opinions and speak to a larger audience. But thanks to rampant identity theft and online stalking, there is a solid argument to be made to target your social posts instead of keeping them public. Karan Bajaj shows you how.

It seems counter intuitive – after all, social media helps you share your opinions and speak to a larger audience. But thanks to rampant identity theft and online stalking, there is a solid argument ..
Read More

Facebook has a dedicated section for privacy settings and tools (accessible in the Settings menu). In this section, you can choose who can see your future activity. For privacy, select Friends instead of Public. Also on the same page, you get the option to limit accessibility of your existing posts on the social network to only friends instead of everyone. You can also choose individual settings for items such as friend requests, email addresses access, phone number access and who can see your friends list. To step up your privacy, switch all these settings to ‘Friends Only’. We also recommend switching off access to search engines outside of Facebook.

Facebook has a dedicated section for privacy settings and tools (accessible in the Settings menu). In this section, you can choose who can see your future activity. For privacy, select Friends instea..
Read More

By default, all the information in your profile is in the public domain. To change this, click on your profile picture on the top bar to view your profile. On this page, you can view all the information available to anyone who opens your profile page. Click the edit button (the small pencil icon) that appears inside the intro box and you can then customize your info. We recommend switching off all the items you want to keep private from prying eyes.

By default, all the information in your profile is in the public domain. To change this, click on your profile picture on the top bar to view your profile. On this page, you can view all the informat..
Read More

Many regular Facebook users tend to upload a lot of photos to share with friends and family. However, you don’t want everyone who visits your profile to have access to all these memories either. One way to hide them is to delete them from Facebook after a few months. The other way is to edit the privacy settings for each photo album. Click on Photos > Albums. For any album that you want to limit access to, click the options button (the three dots on the right corner) on an individual album and choose edit. This will open the privacy settings for the album for which you can select only friends, family or only you.

Many regular Facebook users tend to upload a lot of photos to share with friends and family. However, you don’t want everyone who visits your profile to have access to all these memories either. One ..
Read More

Quite like Instagram, Twitter lets you hide your tweets from the world — this means they’ll only be visible to your existing followers and won’t show up in searches. You will also have to individually approve new followers from that point forward. To do this, go to the ‘Settings and Privacy’ section and look for ‘Privacy and Safety’. Here, you can switch-on the feature marked ‘Protect your Tweets’.

Quite like Instagram, Twitter lets you hide your tweets from the world — this means they’ll only be visible to your existing followers and won’t show up in searches. You will also have to individuall..
Read More

One of the nicest privacy features on Twitter is that it lets you control how people can look you up on Twitter. In Settings, look for a section on Discoverability — here you can choose if other users can find you on Twitter using your email address or phone number. You can also view and manage any contacts you have uploaded to Twitter from your smartphone or choose to remove uploaded data from your account altogether.

One of the nicest privacy features on Twitter is that it lets you control how people can look you up on Twitter. In Settings, look for a section on Discoverability — here you can choose if other user..
Read More

This is the easiest method to prevent access to your Instagram posts and stories. In the Instagram app on your phone, open settings > Privacy and Security. You will see the option for Account Privacy here which gives you the option to switch to a private account. Once enabled, only people that are following you will be able to see your posts. Any new followers will have to be approved by you individually. You should do this if you’re not interested in growing your followers and want to share with a group of people only.

This is the easiest method to prevent access to your Instagram posts and stories. In the Instagram app on your phone, open settings > Privacy and Security. You will see the option for Account Privacy..
Read More

Chances are that you have linked your Facebook profile to your Instagram account — either by choice or by using a Facebook account to login to Instagram. What happens in this scenario is that when anyone visits your Facebook profile, it shows them that you are also available on Instagram. To avoid this, head to Settings in your Instagram app, tap on Account > Linked Accounts > Facebook and select ‘Unlink Account’.

Chances are that you have linked your Facebook profile to your Instagram account — either by choice or by using a Facebook account to login to Instagram. What happens in this scenario is that when an..
Read More

Even with your account set to private, a friend can share your story to their timeline and it would then become public through their feed. To stop this from happening, you can control how your Instagram stories can be seen and shared. In Settings, go to Privacy and Security > Story Controls. Here, you can switch off the option that lets people share your story. You can create a blacklist to hide your story from certain people, choose who can reply to your story (everyone, people you follow or no one) and there are also options to prevent saving story posts to the Instagram archive.

Even with your account set to private, a friend can share your story to their timeline and it would then become public through their feed. To stop this from happening, you can control how your Instag..
Read More
Download
The Economic Times News App
for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
READ MORE
ADVERTISEMENT

READ MORE:

LOGIN & CLAIM

50 TIMESPOINTS

More from our Partners

Loading next story
Text Size:AAA
Success
This article has been saved

*

+