Ride the Lightning

Data Thieves Try to Exploit Stolen Data Within Nine Minutes

June 7, 2017

As SC Magazine reported on May 26th, in an effort to see what happens after a data breach, the Federal Trade Commission leaked a database of 100 fake customers and found it only took 9 minutes for crooks to attempt to access the information.

The FTC's Office of Technology made the information realistic by using popular names based on Census data, addresses from across the country, e-mail addresses that used common e-mail address naming conventions, phone numbers that corresponded to the addresses, and one of three types of payment information (an online payment service, a bitcoin wallet or a credit card).

Researchers then twice posted the information to a popular hacker forum where stolen credentials are shared – within 9 minutes of the second post, hackers were attempting to use the stolen data to pay for all sorts of things, including clothing, games, online dating memberships and pizza.

More than 1,200 attempts were made to exploit the stolen information.

Most companies who have had such data breaches are quick to say that they have no evidence that the information has been used. I think that's mostly because they don't want to know. Or maybe, if they've read the study, they say it within the first eight minutes.

Hat tip to Dave Ries.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson