Hacked in Just 9 Minutes: The Story of Data Dump Misuse

When Federal Trade Commission (FTC) staff set out to measure how rapidly data can be misused, they didn’t expect it to happen so fast. An experiment conducted by the FTC’s Office of Technology Research and Investigation (OTECH) turned up some very busy hackers who wasted no time trying to gain financially from the data set the FTC posted on a website.

The credentials study was constructed to determine how ID thieves utilize stolen data. Some of the data, including some passwords, was fake; some was genuine. Legitimate passwords were protected by two-factor authentication.

The info dump was viewable on a popular paste site known for sharing data breached by numerous actors. The FTC’s fake data packet was posted twice—on April 27 and May 4.

“After the first posting, it took an hour and a half for the first attempt to access (an) account,” said OTECH technologist Christina Yeung.

The second posting beat that time by 90 percent: it took just nine minutes for a hacker to attempt to use the data for financial gain.

In all, hackers made over 500 attempts to access posted email addresses. Some attempted purchases were small. The largest expense attempted was for $2,697.

Curiously, eight attempts involved donations to charities. OTECH officials speculate that those donations could have been made to verify account validity. Other hackers tried to fund their own insurance and investment accounts.

Time matters when it comes to reporting a data loss of your own. If your credit or debit card is compromised, don’t delay. Notify the institution ASAP to cut down on the bogus charges you’ll have to clean up.

