Skip to main content

Google Warns of Increase in Attempted Account Hijackings

Search engine giant Google has warned its users of an increase in attempted account hijackings. It stated that techniques used against U.S. government agencies and corporations are being increasingly employed by hackers.

"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," said security engineer Mike Hearn.

"Although spam filters have become very powerful -- in Gmail, less than 1 percent of spam e-mails make it into an in-box -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before. As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."

Google said that to bypass spam filters, spammers are hacking into legitimate accounts and sending mail through that account's contacts. "We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn explained. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."

The firm said it combats such hacks by using a "complex risk analysis" whenever a user attempts to sign into an account. Over 120 variables determine whether the account is opened through a simple username and password or whether Google will ask the user follow-up questions. For example, what phone number is linked with the account? Since Google began deploying such techniques, compromised accounts have decreased by 99.7 percent since their peak in 2011.

Google recommends a few methods for how users can secure their accounts, including the utilization of a strong, unique password for a Google account, a two-step verification, and setting up recovery options.

Contact Us for News Tips, Corrections and Feedback

  • COLGeek
    Hacking continues to evolve and geekdom must remain on guard, informed, and educated.
    Reply
  • dalethepcman
    I am so sick of the "what as your high school mascot, pets name, mothers name, first car" questions that you can actually just Google the person to get the answer too. Tada account hacked...

    The two step authentication is nice, but can be cumbersome. The 255 character limit, custom created security Q&A, text message and recovery email is spectacular though.

    Nothing like having a password of YouWillNeverDictionaryOrRainbowTableMeBecauseMyPasswordIsStupidLong!p.s.-hahaha
    Reply
  • joytech22
    COLGeekHacking continues to evolve and geekdom must remain on guard, informed, and educated.
    So hard when our generation is so dumb..
    Us geeks must let our fellow dummies know the risks and how to avoid them.
    Reply
  • dextermat
    Just saw Mandiant report and gmail is just high fail. Chinese can create gmail account then verify it even if they are in china without any problems. Afterwards, they use gmail for spear fishing and hacking into hotmail, gmail, PC, ect.

    Bottom line gmail is a great hacking tool and let people using their service are just hacker target.
    http://www.youtube.com/watch?feature=player_embedded&v=6p7FqSav6Ho
    Reply
  • NuclearShadow
    My Gmail password has 180 quinquavigintillion possibilities before reaching mine. And yes I mean that literally 180 quinquavigintillion. So if anyone gets into it they deserve to get into it.
    Reply
  • azraa
    123456
    best password ever.

    (just kidding)
    Reply
  • Darkk
    p@$$w0rd is the best ever! lol

    Seriously.. beef up those passwords and use two step authentication. Yes it's a little annoying but much so when your account gets hacked.
    Reply
  • ddpruitt
    dalethepcmanI am so sick of the "what as your high school mascot, pets name, mothers name, first car" questions that you can actually just Google the person to get the answer too. Tada account hacked...The two step authentication is nice, but can be cumbersome. The 255 character limit, custom created security Q&A, text message and recovery email is spectacular though.Nothing like having a password of YouWillNeverDictionaryOrRainbowTableMeBecauseMyPasswordIsStupidLong!p.s.-hahaha
    Easy to break, dictionary attack will catch that password quick. Don't believe me? Check and see how many generators build passwords out of dictionary words.

    Besides as I recall Google (and most others) only use the first 30ish characters regardless of the number you actually enter. Made for some fun with my bank password because it let me enter a 20 character password, afterwards I could never get back in. It only saved the first 16 so when I entered 20 it would always fail authentication.
    Reply
  • A Bad Day
    azraa123456best password ever.(just kidding)
    I broke into someone's WEP network using "1234" once.

    And if the password guessing didn't work, I could've downloaded a WEP encryption cracking software...
    Reply
  • velosteraptor
    I use the same password for everything. Its 5 asterisks.
    Reply