CNN reported that Google had found millions of usernames and passwords stolen directly through hacking. It also uncovered billions of usernames and passwords indirectly exposed in third-party data breaches.
Lisa Baergen, director at NuData Security, said: “The news that an estimated quarter million logins are stolen each week serves as a wake-up call on many levels. Gmail and the Google Platform are deeply interwoven into corporations and consumers’ lives – one minor example is the number of people who are likely to have used their work email addresses to verify a new Gmail address over the last several years. Now, think about the online retail implications: how many of us conduct shopping online and get confirmations via Gmail? What data does that expose?
“This news affects every company, in every sector. Many people (including employees) continue to reuse usernames and passwords across many sites. Is it time for employer policies that prohibit the employee’s use of off-duty passwords for corporate email accounts, and likewise, the use of workplace emails as secondary verification for personal accounts? A leap from a user’s personal Gmail account into their workplace account sets up a scenario for new levels of successful Whale Phishing.
“Cyber crime isn’t ‘loners in the basement’ anymore – it’s highly organised, well-resourced, and technologically advanced. The news of ongoing, massive-scale theft of Gmail credentials should be a wake-up call that it’s time to fundamentally re-think authentication, and incorporate continuous validation techniques data that can’t be mimicked, such as passive biometrics. Email contains so much strategic information – it’s time to equip that ubiquitous yet critical application with the security it deserves.”