In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March 2016 to March 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Using this dataset, we explore to what degree the stolen passwords, which originate from thousands of online services, enable an attacker to obtain a victim's valid email credentials, and thus complete control of their online identity due to transitive trust. Drawing upon Google as a case study, we find 7-25% of exposed passwords match a victim's Google account.