We've all had them. Those emails you read with a growing sense of dread which tell you to change the password you use on this account, that social network or one of the many other online services you use. Those emails are common given that almost one billion login credentials have been stolen and shared online in the last year. Yahoo, MySpace, LinkedIn, Dropbox and Tumblr have all been hit and the list goes on and on. The worst part is the uncertainty that comes in the wake of the warning - do you panic now or later? Computer scientist Jeremiah Onaolapo and colleagues from University College London decided to find out how quickly criminals react once they get access to an online account.
The team set up 100 Gmail accounts and then accidentally-on-purpose shared their login credentials on forums and sites that data traders are known to frequent. The accounts were made to look "live" by having message threads, alerts and updates flow through them. They were also surreptitiously locked down to limit abuse. Mr Onaolapo was sure the webmail accounts would be tempting because of the way people use them. More often than not, he said, they have data from other accounts, such as bank details, passing through them. "It's information that can be used for ID theft," he said.
Quiet period
They did indeed prove tempting. By the end of the study, 90 of the accounts had been visited by people who were not their rightful owners. "Judging by the activity on the accounts, I would say that the majority of the visitors did not know they were faked," he said.
Staying secure
* Use two-factor authentication where possible
* Use a sentence or a string of random words as a password
* Do not re-use passwords across sites or services
* Consider using a password manager for all your accounts
* Change the default passwords on gadgets you own
* Regularly check where account activity originates