FTC prove that cyber-hackers can access and use breached data within 9 minutes of it being posted
data study

FTC prove that cyber-hackers can access and use breached data within 9 minutes of it being posted

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

I’m sure many are curious to find out where and how their data is used after hackers gain access to their information. According to a recent study, hackers are reportedly able to use leaked data within 9 minutes of it being posted.

Mr Salsburg, chief counsel and acting chief of research and investigation project at the FTC (Federal Trade Commission), reiterated the mysteriousness of what happens to data when it’s publicised:

“…there’s a real mystery of what happens to consumer data when it becomes public.”

But the dangers of how quickly it can be used are evident.

FTC’s role and example of their enforcement

Since 2002, the FTC has brought over 60 cases against companies that have engaged in unfair or deceptive practices that put consumers’ personal data at unreasonable risk.

One such example is dating site Ashley Madison that was subjected to a hack. It transpired that the website allegdly deceived consumers and failed to protect 36 million users’ account and profile information in relation to the July 2015 data breach. Ashely Madison agreed to implement a data-security programme and also agreed to pay a total of $1.6 million (£1.2 million) to settle FTC and other actions.

FTC’s presentation

In the FTC presentation, headed by Tina Yeung and Dan Salsburg at the FTC Office of Technology Research & Investigation, they stated that “if you post it, they will use it.”

They emphasised the fact that when sensitive consumer data such as credit card information or email login details are publicised – whether accidentally or purposely – it only takes cyber-hackers/thieves a matter of minutes to make an unauthorised access attempt. If not minutes, then at best, only a few hours; they warned that they’re quick to leech onto the information.

FTC’s study

In order to oust some of the mysteriousness, researchers created 100 consumer profiles, making up names, gathering addresses from a national database, phone numbers and emails for the purposes of the study. Researchers also created payment methods for the study – online payment account, bitcoin wallet or a credit card. Passwords were also set up for the purposes of the study.

Upon setting up these batches of consumer profiles, Mr Salsburg states:

“…our goal was to make this customer database look as realistic as possible.”

The made-up database was released twice on a website known to cyber-thieves.

Within 90 minutes of the first release, some cyber-thieves had already tried to access the email and payment accounts – there were 100 views.

The researchers released the information again a week later – there were 550 views. It only took 9 minutes for the cyber-thieves to leech onto the information and start using the false data to make purchases as well as attempting to access the accounts.

The total amount of credit card purchase attempts amounted to $12,825.53 (£9,901.31) in just 2 weeks.

The noteworthy attempts of using the credit card information were on online dating services, pizza places and hotels.

FTC’s advice

The FTC’s study provides 3 insights that could assist consumers in protecting their data:

  • Continuously monitor your accounts – setting up alerts for suspicious transactions like big purchases and purchases made abroad could increase the protection on your accounts.
  • Enable two-factor authentication – this can force cyber-thieves to hold additional ID knowledge beyond the password. This could also be used as a notification system that someone is trying to log into your account from a different device.
  • Put additional precautions in place – it’s important to be proactive and not reactive, because when cyber-hacks have already taken place, the damage has already been done. Proactive steps could include using a complex password which is unique to each and every one of your accounts.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon