According to a somewhat self-congratulatory update that Google posted earlier today, it’s getting significantly harder for hackers to successfully compromise its users’ accounts. Google says it has “dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.”
As spam filters improved, Google writes, spammers learned around 2010 that the only way to get past these barriers was to use real accounts that users would trust, and this meant hacking into existing accounts to send spam from them. Now, using data available on the black market, Google writes, the company regularly sees these kinds of attacks, including, for example, “a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time.”
“We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time.”
Once Google realized this was becoming a major issue, it beefed up its security efforts and now performs a “complex risk analysis” every single time somebody logs in to its systems. The company says it evaluates over 120 variables for every login and then decides whether to prompt a user for extra information like the user’s phone number before completing the login.
Google recommends that its users enable extra security features, such as its 2-factor authentication system, and choose strong passwords. Most people, of course, don’t really do this, so chances are there will always be some accounts that will remain vulnerable to account hijacking.