Guessed or stolen credentials
Guessed or stolen credentials

Keyloggers installed on infected machines are a common way for attackers to discover a user's password or credit card information. But many times attackers don't need to install malware to steal credentials.

"Absent, weak, and stolen credentials are careening out of control," Verizon said in its report. Two-thirds of breaches involved stolen or guessable usernames or passwords.

One easy way for attackers to steal credentials includes clicking the "forgot password" button and guessing security questions. Those can be easy to guess if the attacker knows anything about the victim.

For instance, a hacker was able to log into Sarah Palin's personal Yahoo Mail account just by going on Wikipedia. Her security questions included her birthday and the name of her high school.


Last updated July 29 2011: 5:11 AM ET
Join the Conversation
The cyber Mafia has already hacked you

Large, organized crime syndicates have been launching sophisticated attacks for decades.

Most Popular
 
 
 
 
 

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.