Here’s what happens when hackers steal your personal data

We all know that hackers are looking to steal credentials and get their hands on sensitive data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

We all know that hackers are looking to steal credentials and get their hands on sensitive data, but exactly how does this process work?

Researchers at data protection companyBitglasscarried out its second ‘Where’s Your Data’ experiment, creating a digitalidentityfor an employee of a fictitious retail bank, a functional web portal for the bank, and aGoogleDrive account, complete with real credit-card data.

The process

The process

The team then leaked ‘phished’ Google Apps credentials to the Dark Web and tracked activity across the fictitious employee’s online accounts. Within the first 24 hours, there were five attempted bank logins and three attempted Google Drive logins. Files were downloaded within 48 hours of the initial leak. Bitglass’CloudAccess Security Broker (CASB) monitoring showed that over the course of a month, the account was viewed hundreds of times and many hackers successfully accessed the victim’s other online accounts.

Over 1,400 visits were recorded to the Dark Web credentials and the fictitious bank’s web portal and one in ten hackers attempted to log in to Google with the leaked credentials. 94 per cent of hackers who accessed the Google Drive uncovered the victim’s other online accounts and attempted to log into the bank’s web portal.

In addition 12 per cent of hackers who successfully accessed the Google Drive attempted to download files with sensitive content. Hackers came from more than 30 countries, though 68 per cent all logins came from Tor-anonymised IP addresses, of non-Tor visits to the website 34.85 per cent came from Russia, 15.67 per cent from the US and 3.5 per cent from China.

FBI warns hackers are stealing healthcare payments>Hackers are stealing browser cookies to glide past MFA>Best business password managers in 2022

“Our second data-tracking experiment reveals the dangers of reusingpasswordsand shows just how quickly phished credentials can spread, exposing sensitive corporate and personal data,” says Nat Kausik, CEO of Bitglass. “Organisations need a comprehensive solution that provides a more secure means of authenticating users and enables IT to quickly identify breaches and control access to sensitive data”.

More detail of the experiment and its findings is available in the full report which can be downloaded from theBitglass website.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Ian Barker worked in information technology before discovering that writing about computers was easier than fixing them. He has worked for a staff writer on a range of computer magazines includingPC Extreme, was editor ofPC Utilities, and has written for TechRadar, BetaNews, IT Pro Portal, and LatestGadgets.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin