How quickly hackers can access, use your personal data following a data breach

Cybercriminals can access your data within an hour once it hits the dark web, a cybersecurity researcher told the KSL Investigators. (KSL TV)



SALT LAKE CITY — You might already know that when personal information gets compromised in a data breach, it often ends up on the dark web where hackers can access it and use it. But do you know how quickly the cybercriminals can reach your data once it hits the dark web?

It could happen within an hour, a cybersecurity researcher told the KSL Investigators, in hopes of sharing this knowledge so we can better protect ourselves.

Crane Hassold normally works hard at keeping the bad guys away from leaked personal information, like our email addresses and passwords. But Hassold, the senior director of Threat Research for Agari, and his company did the opposite. They deliberately planted thousands of dummy login credentials in online hacker forums.

"While we are certainly looking to protect our customers against email-based threats, we want to know the full cycle of how these attacks operate," explained Hassold.

After six months of planting credentials from popular software applications, the Agari researchers found:

  • Nearly 1 out of 5 accounts (18%) gets accessed within one hour
  • 40% are accessed by cybercriminals within six hours
  • Half are tapped into within 12 hours of ending up on the dark web

What's worse, the research showed that the hacker often logs into a compromised account only once. It's what they do while inside the account that pays off for them.

Agari watched hackers change security settings and set up inbox rules to surreptitiously forward future emails back to the hackers.

"Some attackers that are writing rules, looking for specific types of information and emails, 'only send me the emails that have to do with payments or invoices or customer information,'" explained Hassold.

What it all showed to Hassold is that it is not enough to change our passwords once our email address has been compromised. He said you need to go through the process of really figuring out what the crook did while inside.

"If an attacker has set up any inbox rules that will forward copies of emails out to another email address, those need to be remediated as well and taken care of as well," he said. "And so, you need to make sure that all of the footprints of an attacker need to be taken care of before a compromised account can be determined to be completely fixed."
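
The cleanup step Hassold describes, as an added example that is not from the article or from Agari: a Python audit that flags inbox rules sending copies of mail to outside addresses and ranks first those that filter on payment, invoice or customer keywords. The rule layout follows Microsoft Graph's messageRule resource, and the owner domain, keyword list and sample rules are assumptions constructed for illustration.

```python
# Added example: audit mailbox rules (Graph messageRule layout, an assumption).
OWN_DOMAINS = {"example.com"}                         # assumed owner domain
SENSITIVE_TERMS = ("payment", "invoice", "customer")  # topics named in the article
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
KEYWORD_FIELDS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")

SAMPLE_RULES = [  # constructed sample rules, not real data
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@"]},
     "actions": {"moveToFolder": "constructed-folder-id"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"bodyOrSubjectContains": ["Invoice", "payment due"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mailbox.invalid"}}]}},
    {"displayName": "Assistant copy", "isEnabled": True,
     "actions": {"redirectTo": [{"emailAddress": {"address": "pa@example.com"}}]}},
    {"displayName": "archive", "isEnabled": False,
     "actions": {"forwardAsAttachmentTo": [{"emailAddress": {"address": "Backup@Example.NET"}}]}},
]


def external_targets(rule):
    """Addresses outside OWN_DOMAINS that this rule sends copies of mail to."""
    actions = rule.get("actions") or {}
    found = []
    for key in FORWARD_ACTIONS:
        for recipient in actions.get(key) or []:
            addr = (recipient.get("emailAddress") or {}).get("address", "").strip().lower()
            if addr and addr.rpartition("@")[2] not in OWN_DOMAINS:
                found.append(addr)
    return found


def audit_rules(rules):
    """Flag every externally forwarding rule; keyword-filtered ones sort first."""
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if not targets:
            continue
        conditions = rule.get("conditions") or {}
        words = [w.lower() for f in KEYWORD_FIELDS for w in conditions.get(f) or []]
        hits = sorted({t for t in SENSITIVE_TERMS if any(t in w for w in words)})
        findings.append({"rule": rule.get("displayName", ""), "targets": targets, "keywords": hits,
                         "enabled": rule.get("isEnabled", True), "severity": "high" if hits else "review"})
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES))
```

Disabled rules are reported too, since a rule left behind by an intruder is still a footprint that can be switched back on.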

The cybercriminals mostly used the dummy accounts to try to send out more phishing emails and links to get even more login credentials.

Hassold said if your account is hacked, you must act fast.

Matt Gephardt
Sloan Schrage
