Reading:
FTC prove that cyber-hackers can access and use breached data within 9 minutes of it being posted
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
I’m sure many are curious to find out where and how their data is used after hackers gain access to their information. According to a recent study, hackers are reportedly able to use leaked data within 9 minutes of it being posted.
Mr Salsburg, chief counsel and acting chief of research and investigation project at the FTC (Federal Trade Commission), reiterated the mysteriousness of what happens to data when it’s publicised:
“…there’s a real mystery of what happens to consumer data when it becomes public.”
But the dangers of how quickly it can be used are evident.
Since 2002, the FTC has brought over 60 cases against companies that have engaged in unfair or deceptive practices that put consumers’ personal data at unreasonable risk.
One such example is dating site Ashley Madison that was subjected to a hack. It transpired that the website allegdly deceived consumers and failed to protect 36 million users’ account and profile information in relation to the July 2015 data breach. Ashely Madison agreed to implement a data-security programme and also agreed to pay a total of $1.6 million (£1.2 million) to settle FTC and other actions.
In the FTC presentation, headed by Tina Yeung and Dan Salsburg at the FTC Office of Technology Research & Investigation, they stated that “if you post it, they will use it.”
They emphasised the fact that when sensitive consumer data such as credit card information or email login details are publicised – whether accidentally or purposely – it only takes cyber-hackers/thieves a matter of minutes to make an unauthorised access attempt. If not minutes, then at best, only a few hours; they warned that they’re quick to leech onto the information.
In order to oust some of the mysteriousness, researchers created 100 consumer profiles, making up names, gathering addresses from a national database, phone numbers and emails for the purposes of the study. Researchers also created payment methods for the study – online payment account, bitcoin wallet or a credit card. Passwords were also set up for the purposes of the study.
Upon setting up these batches of consumer profiles, Mr Salsburg states:
“…our goal was to make this customer database look as realistic as possible.”
The made-up database was released twice on a website known to cyber-thieves.
Within 90 minutes of the first release, some cyber-thieves had already tried to access the email and payment accounts – there were 100 views.
The researchers released the information again a week later – there were 550 views. It only took 9 minutes for the cyber-thieves to leech onto the information and start using the false data to make purchases as well as attempting to access the accounts.
The total amount of credit card purchase attempts amounted to $12,825.53 (£9,901.31) in just 2 weeks.
The noteworthy attempts of using the credit card information were on online dating services, pizza places and hotels.
The FTC’s study provides 3 insights that could assist consumers in protecting their data:
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
