The FTC recently did an experiment to see how quickly thieves used stolen data after it was posted on the dark web.
They created 100 fictitious consumers and gave them credit cards or bitcoin wallets. Each fictitious consumer had a name, email and passwords as well.
They posted the data twice – first on April 27th and then again on May 4th.
There are two kinds of thieves, the FTC says. Ones who run test transactions to see if the card still works and others who just make big purchases right off the bat.
After the data was published on May 4th, it took thieves NINE MINUTES to start using the data. On April 27th, it took a little longer – NINETY MINUTES.
In either case, it says that it doesn’t take very long.
In total there were over 1,200 attempts to use the bogus accounts. In addition, there were close to 500 attempts to access the bogus emails. The attempted transactions were for more than $12,000.
One note that the FTC did make – none of the accounts that had two factor authentication enabled were accessed. Almost everyone offers two factor authentication these days. We recommend that you use two factor authentication whenever it is available.
Information for this post came from CNN.