25% of the 1.9 billion passwords and usernames bought on the black market are Google accounts

Hackers often try to hack into Google accounts, so Google researchers have spent a year to see how they can steal user accounts.

To get proof of the tools that hackers use to steal passwords, Google works with security experts at California Berkeley University and tracks black market activity. Recently they have published their results.

Most passwords are stolen in two ways: phishing emails or leaks from third parties. From March 2016 to 2017, Google discovered more than 12 million accounts (including username and password). stolen due to scams and 3.3 billion due to 3rd party.

See also: Google's new advanced security turn-on guide to not be hacked

Such a large number is because the password is an attractive item, especially having a Google account will access the password of Gmail, Google Docs, Google Drive . Although this number is large, the research team also only get free information online and limited human resources, so in fact there may be more.

The study also found that up to 25% of the passwords traded on the black market can be used to control Google accounts. 'There are more than 1.9 billion usernames and passwords on the black market forum,' the researcher said. And when many people share passwords for both Google and MySpace accounts, for example, when MySpace leaks data, hackers will try to use the password on Google.

25% of the 1.9 billion passwords and usernames bought on the black market are Google accounts Picture 1
This era no one seems to have a Google account

Even Facebook CEO Mark Zuckerberg shared the same password - dadada - for both Twitter and Pinterest accounts, to hack them in 2016 by a group called OurMine.

There are also a number of ways for companies like Google and users to protect themselves. Researchers use two-factor authentication or password management applications to create separate passwords for each page, avoid duplication, especially don't use simple and easy-to-guess passwords like '12345'.

Anyway, 'password is something we can no longer trust,' said Kurt Thomas, a researcher at Google.

Readers interested in Google reports can read more here.https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46437.pdf