KSL INVESTIGATES

How Quickly Hackers Access, Use Your Personal Data Following A Data Breach

Jul 19, 2021, 7:13 PM | Updated: Jul 14, 2023, 2:33 pm

SALT LAKE CITY — You might already know that when personal information gets compromised in a data breach, it often ends up on the dark web where hackers can access it and use it. But do you know how quickly the cyber criminals can reach your data once it hits the dark web?

It could happen within an hour, a cybersecurity researcher told the KSL Investigators, in hopes of sharing this knowledge so we can better protect ourselves.

Crane Hassold normally works hard at keeping the bad guys away from leaked personal information, like our email addresses and passwords. But Hassold, who is the senior director of Threat Research for Agari, and his company did the opposite. They deliberately planted thousands of dummy login credentials in online hacker forums.

“While we are certainly looking to protect our customers against email-based threats, we want to know the full cycle of how these attacks operate,” explained Hassold.

After six months of planting credentials from popular software applications, the Agari researchers found:

  • Nearly one out of five (18%) accounts gets accessed within one hour
  • 40% are accessed by cyber criminals within six hours
  • Half are tapped into within 12 hours of ending up on the dark web

What’s worse is the research showed that often, the hacker only actually logs into a compromised account once. It’s what they do while inside the account that pays off for them.

Agari watched hackers change security settings and set up inbox rules to surreptitiously forward future emails back to the hackers.

“Some attackers that are writing rules, looking for specific types of information and emails, only send me the emails that have to do with payments or invoices or customer information, and only send those to me,” explained Hassold.

What it all showed to Hassold is that it is not enough to change our passwords once our email address has been compromised. He said you need to go through the process of really figuring out what the crook did while inside.

“If an attacker has set up any inbox rules that will forward copies of emails out to another email address, those need to be remediated as well and taken care of as well,” he said. “And so, you need to make sure that all of the footprints of an attacker needs to be taken care of before a compromised account can be determined to be completely fixed.”

The cyber criminals mostly used the dummy accounts to try to send out more phishing emails and links to get even more login credentials.

Hassold said if your account is hacked, you must act fast.

KSL Investigates

You might think of a hacker as a mysteriously hooded, anti-social computer genius in a dark room cr...

Matt Gephardt and Sloan Schrage

Teen hackers: How AI is changing the nature of hacking and other fraudulent activities

The average age of people arrested for a crime in the U.S. is 37, according to numbers from the FBI. But when you're talking about jailed cybercriminals that average age drops way down to 19.

3 days ago

Larry and Barbara Boynton, who were married for 54 years before her death in 2016, are pictured in ...

Annie Knox

He wore toxins home; she did the laundry. Why a Utahn’s lawsuit over his wife’s death is going back to trial

Should a company be responsible when workers don't get sick from the job, but their family members do? The question's at the heart of a Utah lawsuit.

3 days ago

A letter to a prospective juror informing them that they are being considered for jury duty....

Matt Gephardt

Get Gephardt: How can a noncitizen receive a summons for jury duty?

A Utah man got a Jury Summons, but the problem is, he cannot legally sever on a jury because he is not a US citizen.

4 days ago

FILE — A state panel has ruled in favor of transparency again, ordering the AG’s office to tur...

Annie Knox

Controversies keep an unflattering spotlight on Utah Attorney General’s Office

As Utah’s top cop, Sean Reyes took aim at human trafficking, the opioid crisis and other issues. But scandal and a lack of transparency took center stage.

4 days ago

KSL’S Matt Gephardt and producer Sloan Schrage sampled the quality of the deeply discounted food ...

Matt Gephardt

New approach to cutting down expired food could save you money

Food prices have risen nearly 30% since 2019 and the USDA expects prices to rise by nearly 2% more this year. Now, a new app is offering shoppers big discounts on food that’s nearly expired or is in damaged packaging. So, KSL’s inflation buster Matt Gephardt tests just how well the app works and whether the food is worth eating.

5 days ago

Employees of Frenchies Modern Nail Care in Rivertan claim they are owed thousands in unpaid wages a...

Courtney Johns

‘Do the right thing’: Employees claim owner owes thousands after abrupt salon shutdown

Employees of a Riverton nail salon claim they are owed thousands in unpaid wages after the business abruptly closed in December.

6 days ago

Sponsored Articles

holiday gift basket with blue tissue paper and gingerbread cookies...

Kneaders Bakery & Cafe

Holiday hacks for a stress-free season

Get more out of your time with family and loved ones over the holidays by following these tips for a stress-free season.

2 computer techs in a computer shop holding up a computer server with the "hang loose" sign...

PC Laptops

A comprehensive guide to choosing the right computer

With these tips, choosing the right computer that fits your needs and your budget will be easier than ever.

crowds of people in a German style Christmas market...

This Is The Place Heritage Park

Celebrate Christkindlmarket at This Is The Place Heritage Park!

The Christkindlmarket is an annual holiday celebration influenced by German traditions and generous giving.

Image of pretty woman walking in snowy mountains. Portrait of female wearing warm winter earmuff, r...

Lighting Design

Brighten your mood this winter with these lighting tricks

Read our lighting tips on how to brighten your mood in the winter if you are experiencing seasonal affective disorder.

A kitchen with a washer and dryer and a refrigerator...

Appliance Man

Appliance Man: a trusted name in Utah’s home appliance industry

Despite many recent closures of local appliance stores, Appliance Man remains Utah's trusted home appliance business and is here to stay.

abstract vector digital social network technology background...

Les Olson

Protecting yourself against social engineering attacks

Learn more about the common types of social engineering to protect your online or offline assets from an attack.

How Quickly Hackers Access, Use Your Personal Data Following A Data Breach