Cyber-thieves grab almost 250,000 valid log-in names and passwords for Google accounts every week, suggests research.
The study by Google and UC Berkeley looked at the ways email and other accounts get hijacked.
It used 12 months of log-in and account data found on websites and criminal forums or which had been harvested by hacking tools.
Google said the research helped secure accounts by showing how people fell victim to scammers and hackers.
During the 12 months studying the underground markets, the researchers identified more than 788,000 credentials stolen via keyloggers, 12 million grabbed via phishing and 1.9 billion from breaches at other companies.
Phishing involves attempts to trick people into handing over personal information and keyloggers are programs that record every key someone presses when using a computer.
The most useful information for cyber-thieves came from keyloggers and phishing attacks as these included valid passwords in 12%-25% of attacks, it found.
Phishing attacks posed the biggest risk to users as these helped malicious hackers scoop up about 234,000 valid names and passwords every week. By contrast, keyloggers only yielded about 15,000 valid credentials each week.
Cyber-attackers also sought to grab other information that could be useful in attacks, said the researchers.
Data about a person’s internet address (IP) as well as the device they were using and their physical location were all potentially useful for attackers seeking to defeat security checks.
SOURCE: BBC Tech