07:18 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
Repost This

One In Four U.K. Consumers Have Had Online Accounts Hacked

Hotmail, Facebook, Yahoo, and PayPal accounts identified as breached most often

London, UK – 11 December 2013 – As user engagement with ecommerce sites and online services inevitably increases in the run up to Christmas, new research commissioned by CertiVox finds that almost a quarter (24%) of UK consumers have had their account hacked or data stolen for an online service, with five% having been compromised more than once.

As consumers continue to head online in their droves to do their Christmas shopping, they expect their details to be secure. However, when asked about the services for which accounts had been hacked, it was found that 25% of the incidents involved Hotmail, 21% involved Facebook and 11% involved Yahoo!, Yahoo! Mail or Y! Mail accounts. Considering a lot of consumers use the same password across a number of sites and many retail sites have customers using email addresses as usernames or allow users to login through Facebook, this will be a worry for online Christmas shoppers. Retail and payment services also featured in the research with 6% of hacking incidents involving PayPal and 4% involving eBay.

The research, conducted by Populus among a representative sample of 2,012 UK respondents, also looked at the actions consumers would take following a data breach, and found that a huge 25% of respondents said that they would terminate a service immediately if their account was compromised or data stolen. This is an alarming figure for companies that have experienced breaches, and those still relying on the flawed username and password system. In addition to this, some 16% of respondents also said that that they would look for an alternative service and move if a suitable replacement was found. Only 37% say they would reset their details and carry on using the service as normal.

Perhaps unsurprisingly, given the number of people who have had accounts or data compromised, the research also found that only 60% of respondents trust the username and password authentication process as a secure way to access online services. 26% don't trust the process and a further 14% are unsure.

Commenting on the findings, Brian Spector, CEO of CertiVox said, "This research shows that despite the rush of Christmas shopping online, many consumers are wary and believe that the username and password authentication system is not secure enough to protect their data. When you consider this coupled with the fact that the services identified as being hacked the most are some of the biggest names in technology with hundreds of millions, or even billions of users, it is amazing that there hasn't been a whole-scale move away from usernames and passwords.

"It is clear from the research that services which do not secure their users' data adequately are likely to start seeing users move away. This should act as a prompt to businesses everywhere to consider their security more carefully than ever before."


The research surveyed a UK representative sample of 2012 adults (18+) on their views on online security in December 2013. Specifically consumers were asked about their views on the username and password system, additional security measures, and their own experience of online security breaches.


About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox's proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit www.certivox.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web