One In Four U.K. Consumers Have Had Online Accounts Hacked

Hotmail, Facebook, Yahoo, and PayPal accounts identified as breached most often

December 12, 2013

3 Min Read


London, UK – 11 December 2013 – As user engagement with ecommerce sites and online services inevitably increases in the run up to Christmas, new research commissioned by CertiVox finds that almost a quarter (24%) of UK consumers have had their account hacked or data stolen for an online service, with five% having been compromised more than once.

As consumers continue to head online in their droves to do their Christmas shopping, they expect their details to be secure. However, when asked about the services for which accounts had been hacked, it was found that 25% of the incidents involved Hotmail, 21% involved Facebook and 11% involved Yahoo!, Yahoo! Mail or Y! Mail accounts. Considering a lot of consumers use the same password across a number of sites and many retail sites have customers using email addresses as usernames or allow users to login through Facebook, this will be a worry for online Christmas shoppers. Retail and payment services also featured in the research with 6% of hacking incidents involving PayPal and 4% involving eBay.

The research, conducted by Populus among a representative sample of 2,012 UK respondents, also looked at the actions consumers would take following a data breach, and found that a huge 25% of respondents said that they would terminate a service immediately if their account was compromised or data stolen. This is an alarming figure for companies that have experienced breaches, and those still relying on the flawed username and password system. In addition to this, some 16% of respondents also said that that they would look for an alternative service and move if a suitable replacement was found. Only 37% say they would reset their details and carry on using the service as normal.

Perhaps unsurprisingly, given the number of people who have had accounts or data compromised, the research also found that only 60% of respondents trust the username and password authentication process as a secure way to access online services. 26% don't trust the process and a further 14% are unsure.

Commenting on the findings, Brian Spector, CEO of CertiVox said, "This research shows that despite the rush of Christmas shopping online, many consumers are wary and believe that the username and password authentication system is not secure enough to protect their data. When you consider this coupled with the fact that the services identified as being hacked the most are some of the biggest names in technology with hundreds of millions, or even billions of users, it is amazing that there hasn't been a whole-scale move away from usernames and passwords.

"It is clear from the research that services which do not secure their users' data adequately are likely to start seeing users move away. This should act as a prompt to businesses everywhere to consider their security more carefully than ever before."


The research surveyed a UK representative sample of 2012 adults (18+) on their views on online security in December 2013. Specifically consumers were asked about their views on the username and password system, additional security measures, and their own experience of online security breaches.


About CertiVox

CertiVox was founded in 2008 based on one simple belief: that every business, enterprise, organization and individual has the right to secure their information simply and easily. Delivering on that belief has enabled us to build a customer base across many industries – government, legal, financial and cloud orchestration – that also includes some of the biggest names in the world. Organizations such as BAE Systems, Hitachi, Intel, Panasonic, Toyota, PKWARE and Parallels have put their trust in CertiVox to help secure their systems.

CertiVox's proven expertise in both encryption and authentication means we are the only company in the global market today that can arm businesses and individuals with easy-to-use, certificateless security solutions for all things Internet. CertiVox is headquartered in London, UK with offices in Dublin, Ireland and Sofia, Bulgaria.

For more information, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights