Last week, Google put out a blog post claiming to have substantially reduced the number of compromised accounts. The company said it has reduced the number by 99.7% since 2011.
Google security engineer Mike Hearn wrote:
Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made.
If a sign-in is deemed suspicious or risky for some reason—maybe it’s coming from a country oceans away from your last sign-in—we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we’ve dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.
According to Virus Bulletin this “could be the case,” but “Yahoo!, and to a lesser extent Hotmail (now Outlook.com), has a real problem.”
Google’s Matt Cutts tweeted a link to the report, calling it “some external validation that Google has radically reduced email spam from hijacked Gmail accounts”.
Some external validation that Google has radically reduced email spam from hijacked Gmail accounts: http://t.co/S1fqM1F3pe
The report itself says:
The legitimate feeds we use do receive the occasional spam email – usually from compromised accounts and typically sent to addresses contained in the compromised accounts’ address books. We have noticed a few emails from compromised Gmail accounts among these spam emails, but noticed that Yahoo! emails are far more prevalent. We were initially hesitant to draw conclusions from this: it is well possible that the feeds we receive are skewed towards certain email providers.
Indeed, they are skewed, but towards Gmail, whose messages are far more prevalent among the legitimate feeds. This makes the situation a lot worse for Yahoo!: over the last eight months of testing we have found that, in the legitimate email feeds, about one in 115 emails from the Sunnyvale-based company were spam, compared with fewer than one in 4,800 from Gmail. Hotmail, Microsoft’s free webmail service (now Outlook.com), isn’t doing particularly well either, with almost 1 in 325 emails being spam.
Not good news for Yahoo, which recently revamped its email service and is currently facing a lot of user complaints about a homepage redesign. Nor is it great news for Microsoft, which is heavily campaigning for Gmail users to switch to Outlook.com based on the notion that Google is somehow violating their privacy by algorithmically serving them ads, as it has for nearly a decade.