According to a Google study, 1.5% of all credentials on the Internet can be used for cyber attacks because they were disclosed during leaks.
To conduct the research, Google created a data leak notification service and the Password Checkup extension, which collects anonymized and hashed credentials.
When a user logs in to a site with the extension installed, a hash of the credentials is sent to Google and checked against 4 billion logins and passwords that were discovered as a result of leaks. In case of a match, an alert is displayed with a warning and a suggestion to change the password.
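A simplified sketch of such a hashed-credential lookup, added here as an illustration and not taken from Google's extension or study. The prefix-bucket scheme, the use of SHA-256, and all names and sample credentials are assumptions made for the example.

```python
import hashlib

PREFIX_LEN = 4  # hex characters of the hash revealed to the server (assumed value)


def credential_hash(username: str, password: str) -> str:
    """Hash the (username, password) pair after normalising the username."""
    canonical = username.strip().lower().encode() + b"\x00" + password.encode()
    # SHA-256 keeps the example dependency-free; a deliberately slow
    # password hash would be the production choice (assumption).
    return hashlib.sha256(canonical).hexdigest()


class BreachIndex:
    """Server side: hashes of leaked credential pairs, grouped by hash prefix."""

    def __init__(self, leaked_pairs):
        self.buckets = {}
        for user, pw in leaked_pairs:
            h = credential_hash(user, pw)
            self.buckets.setdefault(h[:PREFIX_LEN], set()).add(h)

    def lookup(self, prefix: str) -> set:
        # The server sees only the short prefix, never the full hash.
        return self.buckets.get(prefix, set())


def check_login(index: BreachIndex, username: str, password: str) -> bool:
    """Client side: True if this exact pair appears in the leak corpus."""
    h = credential_hash(username, password)
    bucket = index.lookup(h[:PREFIX_LEN])
    return h in bucket  # the final comparison happens locally


# Constructed sample leak corpus (not real data).
LEAKED = [("alice@example.com", "hunter2"), ("bob@example.com", "123456")]
INDEX = BreachIndex(LEAKED)

if __name__ == "__main__":
    attempts = [("Alice@Example.com ", "hunter2"),
                ("alice@example.com", "N3w-unique-pass")]
    for user, pw in attempts:
        hit = check_login(INDEX, user, pw)
        print(user.strip(), "->", "found in leak data, change it" if hit else "no match")
```

Because the hash covers the login and the password together, a password leaked for one account does not raise a warning for a different account that happens to use it.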
Data collected between February 5 and March 4, 2019 showed that 1.5% of the 21,177,237 monitored logins and passwords (i.e., about 316,530) were found in the leaked data.
At the time of the study, 670 thousand people installed the Password Checkup extension. However, only 26% of users who received the notification changed their password. Of these, 60% changed it to a more secure one than the previous one, and in 94% of cases the new password was no weaker than the old one.
Among the sites for which the largest number of warnings was recorded were entertainment resources (6.3%) and sites “for adults” (3.6%).
To protect against hacking, researchers recommend using a unique password for each site and quickly changing any passwords that have been compromised.
At the same time, Google notes that the proportion of credentials exposed as a result of leaks may be even higher than 1.5%. Users who have installed the company's extension are more conscious of Internet security issues, while among other users, poor practices such as using the same password for different services are more common.
All Google research results are available at the link.