Every once upon a time, certain services report that their clients’ data has been publicly disclosed for all the world to see. After that thousands, sometimes millions, of tiny details about users start to circulate on the Internet. However, what happens to this lost information exactly? Who uses it? What for? FTC Office of Technology Research & Investigation aimed to answer these questions.
Since we have reported many security breaches, it has come to our attention that some of our visitors might not be well-informed about the ways confidential details are used by cyber criminals. You may understand the concept of a data breach, but might not be sure of the ways that hackers can exploit the publicly-released information. To tell you the truth, there is a whole of bunch of purposes that confidential details could be utilized for.
FTC Office of Technology Research & Investigation commenced a study which was focused on discovering what exactly happens to data after it is posted on the Internet. The study of credential use concentrated on three objectives: generation of approximately 100 fake accounts, posting their data publicly and monitoring the usage of the disclosed information. Private details that were included contained made-up names, addresses, phone numbers, email addresses, passwords, online payment accounts, credit card numbers and bitcoin wallets. A whole bouquet of exciting data that hackers were expected to stumble upon.
For comparison, the same credentials were posted twice. The first stage occurred on 27th of April, while the second took place on 4th of May. Data was published in different formats and at different times. After the first publication of info, more than 100 views were recorded. Surprisingly, the second attempt received more information with the approximately 550 views in total. After posting number 2, it took only 9 minutes or vicious parties to take the bait and attempt to exploit the discovered data.
Results of the second publication were much more fruitful, as total unauthorized access attempts were counted to be 1108, while the first one only had 119. As it would be expected, hackers were mostly interested in credentials of payment accounts, credit card numbers and email services. Mostly, people from United States of America attempted to exploit the publicly exposed data. Other leading culprits are from Britain, Brazil, Germany and Romania.
Financial losses were proven to be a very realistic consequence of a data breach. Thieves of credentials attempted to exploit banking account information to pay for services of retailers, gaming, entertainment, e-payment services, online tools, food, gift cards, travels, mobile phones and other purposes. The biggest sum that was attempted to be paid via a stolen banking account information was $2,697.75. The vicious person attempted to pay for clothes. The total financial losses of this fake breach reached $12,825.53.
The research that FTC Office of Technology Research & Investigation has managed to pursue is quite impressive and informative. It shows that every breach of confidential information can lead to unfortunate consequences. For this reason, analysts suggest that more security measures would be applied, like two-factor authentication.
We hope that the possible results of a data breach are clearer now.
Source: ftc.gov
