Keyloggers installed on infected machines are a common way for attackers to discover a user's password or credit card information. But many times attackers don't need to install malware to steal credentials.
"Absent, weak, and stolen credentials are careening out of control," Verizon said in its report. Two-thirds of breaches involved stolen or guessable usernames or passwords.
One easy way for attackers to steal credentials includes clicking the "forgot password" button and guessing security questions. Those can be easy to guess if the attacker knows anything about the victim.
For instance, a hacker was able to log into Sarah Palin's personal Yahoo Mail account just by going on Wikipedia. Her security questions included her birthday and the name of her high school.
Large, organized crime syndicates have been launching sophisticated attacks for decades.
|Marissa Mayer's payday: 4 years, $219 million|
|Kristen Bell releases first ever photos from $142 wedding to Dax Shepard July 25|
|Can Waiting Until 70 to Claim Social Security Be a Big Blunder?|
|Venezuela: McDonald's forced to halt Big Mac sales|
|'Shark Tank' star Daymond John: High-tech hearing aids changed my life|