A new Google study reveals how accounts get hacked, taken over, or hijacked.

The threats online can be summed up to keylogging, third-party breaches, and phishing, which has been discovered to be the biggest threat among the three.

Google partnered up with the University of California, Berkeley, to carry out the study. The team analyzed the online black market from March 2016 to March 2017.

Third-party breaches exposed 3.3 billion credentials, while keyloggers and phishing were responsible for stealing 788,000 and 12 million credentials respectively.

According to Google, 12 percent of the exposed data via third-party breaches used Gmail addresses as usernames, and the passwords for 7 percent of those accounts were reused in other services, meaning that they were more vulnerable to hacks and other online attacks.

The study also says that 82 percent of blackhat phishing tools and 74 percent of keyloggers would try to collect IP addresses. Yet, only 18 percent targeted phone numbers and the device’s make and model.