How Quickly Hackers Access, Use Your Personal Data Following A Data Breach
SALT LAKE CITY — You might already know that when personal information gets compromised in a data breach, it often ends up on the dark web where hackers can access it and use it. But do you know how quickly the cyber criminals can reach your data once it hits the dark web?
It could happen within an hour, a cybersecurity researcher told the KSL Investigators, in hopes of sharing this knowledge so we can better protect ourselves.
Crane Hassold normally works hard at keeping the bad guys away from leaked personal information, like our email addresses and passwords. But Hassold, who is the senior director of Threat Research for Agari, and his company did the opposite. They deliberately planted thousands of dummy login credentials in online hacker forums.
“While we are certainly looking to protect our customers against email-based threats, we want to know the full cycle of how these attacks operate,” explained Hassold.
After six months of planting credentials from popular software applications, the Agari researchers found:
- Nearly one out of five (18%) accounts gets accessed within one hour
- 40% are accessed by cyber criminals within six hours
- Half are tapped into within 12 hours of ending up on the dark web
What’s worse is the research showed that often, the hacker only actually logs into a compromised account once. It’s what they do while inside the account that pays off for them.
Agari watched hackers change security settings and set up inbox rules to surreptitiously forward future emails back to the hackers.
“Some attackers that are writing rules, looking for specific types of information and emails, only send me the emails that have to do with payments or invoices or customer information, and only send those to me,” explained Hassold.
What it all showed to Hassold is that it is not enough to change our passwords once our email address has been compromised. He said you need to go through the process of really figuring out what the crook did while inside.
“If an attacker has set up any inbox rules that will forward copies of emails out to another email address, those need to be remediated as well and taken care of as well,” he said. “And so, you need to make sure that all of the footprints of an attacker needs to be taken care of before a compromised account can be determined to be completely fixed.”
The cyber criminals mostly used the dummy accounts to try to send out more phishing emails and links to get even more login credentials.
Hassold said if your account is hacked, you must act fast.