Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

2/19/2013
05:28 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Good News From Google: Account Hijacking Down

How Google is verifying logins, getting results

Now for some good news: During a week when Facebook and then Apple -- yes, Apple -- admitted getting hacked and a report tied the Chinese military to a major cyberspy gang targeting U.S. businesses and organizations, Google's security team said it has seen the number of compromised Gmail accounts drop 99.7 percent since 2011.

Mike Hearn, a Google security engineer, today blogged that Google's efforts to determine the legitimacy of log-ins has cut those email account hijackings since their peak in 2011. The secret sauce: using more of a risk analysis process and Google's multifactor authentication steps for Google user accounts. "Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made," Hearn said in his post.

If a login attempt appears suspicious -- originating from a different country since a user's last login, for example -- Google prompts the user with a few questions. "For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011," Hearn says.

Google has witnessed some hefty account-hijacking attempts. In one case, a single user used stolen passwords to try to break into 1 million Google accounts a day for weeks at a time, according to Hearn. "A different gang attempted sign-ins at a rate of more than 100 accounts per second," he said, noting that Google's security system doesn't just check the password's validity in order to thwart these types of attacks.

Google recommends strong passwords for Google accounts, its two-step authentication option, and updating account recovery options.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9268
PUBLISHED: 2020-02-18
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
CVE-2020-9269
PUBLISHED: 2020-02-18
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php.
CVE-2020-9270
PUBLISHED: 2020-02-18
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
CVE-2020-9271
PUBLISHED: 2020-02-18
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
CVE-2020-9265
PUBLISHED: 2020-02-18
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.