Endpoint
12/11/2013
07:18 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

One In Four U.K. Consumers Have Had Online Accounts Hacked

Hotmail, Facebook, Yahoo, and PayPal accounts identified as breached most often

London, UK – 11 December 2013 – As user engagement with ecommerce sites and online services inevitably increases in the run up to Christmas, new research commissioned by CertiVox finds that almost a quarter (24%) of UK consumers have had their account hacked or data stolen for an online service, with five% having been compromised more than once.

As consumers continue to head online in their droves to do their Christmas shopping, they expect their details to be secure. However, when asked about the services for which accounts had been hacked, it was found that 25% of the incidents involved Hotmail, 21% involved Facebook and 11% involved Yahoo!, Yahoo! Mail or Y! Mail accounts. Considering a lot of consumers use the same password across a number of sites and many retail sites have customers using email addresses as usernames or allow users to login through Facebook, this will be a worry for online Christmas shoppers. Retail and payment services also featured in the research with 6% of hacking incidents involving PayPal and 4% involving eBay.

The research, conducted by Populus among a representative sample of 2,012 UK respondents, also looked at the actions consumers would take following a data breach, and found that a huge 25% of respondents said that they would terminate a service immediately if their account was compromised or data stolen. This is an alarming figure for companies that have experienced breaches, and those still relying on the flawed username and password system. In addition to this, some 16% of respondents also said that that they would look for an alternative service and move if a suitable replacement was found. Only 37% say they would reset their details and carry on using the service as normal.

Perhaps unsurprisingly, given the number of people who have had accounts or data compromised, the research also found that only 60% of respondents trust the username and password authentication process as a secure way to access online services. 26% don't trust the process and a further 14% are unsure.

Commenting on the findings, Brian Spector, CEO of CertiVox said, "This research shows that despite the rush of Christmas shopping online, many consumers are wary and believe that the username and password authentication system is not secure enough to protect their data. When you consider this coupled with the fact that the services identified as being hacked the most are some of the biggest names in technology with hundreds of millions, or even billions of users, it is amazing that there hasn't been a whole-scale move away from usernames and passwords.

"It is clear from the research that services which do not secure their users' data adequately are likely to start seeing users move away. This should act as a prompt to businesses everywhere to consider their security more carefully than ever before."

Methodology

The research surveyed a UK representative sample of 2012 adults (18+) on their views on online security in December 2013. Specifically consumers were asked about their views on the username and password system, additional security measures, and their own experience of online security breaches.

-END-

About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox's proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit www.certivox.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web