Daily NewsCyber Crime & ForensicCyber Safety

Gmail Hacks Last August Highlight Importance of Layered Security, Need to Reimagine Passwords

Weak or Compromised Passwords Are Putting Businesses at Risk of Cyberattacks

It’s been a month since Google made a stunning admission that hackers are getting access to Gmail accounts, and compromised passwords are leading to more and more “successful intrusions.” It’s a worrying admission to say the least—and it only highlights what Cybersecurity Asia has been reporting for the longest time: Weak or compromised passwords are putting business at risk of cyberattacks.

“Compromised credentials continue to be the top entry point for attackers, and Google’s disclosure is a reminder that even the best platforms can’t protect accounts if passwords are weak, outdated, or stolen. Whether through phishing, credential stuffing, or social engineering, hackers know it’s far easier to go after logins than to break encryption,” noted Shane Barney, Chief Information Security Officer (CISO) at Keeper Security, in an exclusive commentary for CSA.

Barney makes an excellent point. Google takes pride in the cybersecurity measures it implements across its platforms, using multiple layers of defence and defence-in-depth principles to secure everything Google-related. Now, it appears that the kind of top-flight security Google purportedly offers might not be as impregnable as initially thought. If, indeed, hackers are gaining access to multiple Gmail accounts at a time, then it’s probably a sign that cyber adversaries are starting to circumvent with ease the security architecture of arguably the world’s top tech monolith.

Passwords: The Entry Point of Attack

If hackers can break Gmail, there’s a high likelihood they’d be able to break other email providers, with weak or compromised passwords as their main attack vector. It’s a chilling possibility for any business, and it’s probably happening more than we care to admit.

Further complicating matters is the underground market for stolen credentials, which is both vast and lucrative. In fact, some estimates say there are over 24.6 billion username-password combinations currently circulating across cybercriminal marketplaces—although the true scale is difficult to verify due to repeated resale of stolen data. The most valuable of these, of course, are login data used for banking, email, cloud, crypto, corporate VPNs, and social media accounts, as they are commonly reused for phishing, identity theft, malware campaigns, and business email compromise.

Indeed, the prospect of getting hit by a cyberattack due to weak or compromised passwords is a distinct possibility—and the Gmail fiasco proves it. Fortunately, there’s still a way to at least minimise the chances of it happening, according to Barney.

“The best defence is layered security,” Barney pointed out. “For Gmail users, that starts with replacing old passwords with long, unique ones stored in a password manager, enabling two-factor authentication with an authenticator app, and adopting passkeys where possible. For those seeking the highest level of protection, hardware-based security keys like YubiKeys add another critical safeguard, because an attacker would need both physical possession of the device and knowledge of the PIN.”

The Keeper Security CISO made it clear, though, that the solutions he outlined aren’t fool-proof ways to prevent password compromise or hacking. But according to him, these steps can “make account takeover dramatically more difficult and far less attractive to attackers.”

Then again, with cybercrime on the rise, minimising threats of any kind is already a win in and of itself.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *