Everyone has become accustomed to it by now but what happens to your information when there is a data breach?
In June 2020, Facebook lost user data and it suddenly popped up for sale online in a dark web forum. By April 2021, the massive data set of 500+ million Facebook profiles became free for download for everyone. After the cyber criminals cashed in, the hackers give away the data to boost their egos and popularity.
This giant data breach affected up to 20% of Facebook’s users. The leaked data included user mobile phone number, Facebook ID, name, gender, location, relationship status, occupation/employer, date of birth and email addresses.
Free information like that is hard to come by. Therefore, big data security becomes even more important.
After a data breach, what happens to data?
A fascinating recent published cyber security report earlier this year provided an inside look at where stolen data ends up. A file-sharing site on the dark web posted credentials anonymously.
Tracking data was done by cyber security researchers. When anyone opened the document, a hidden watermark could be seen. This watermark revealed geolocation, IP address, device type, and access information, and IP address.
Five countries on three continents were reached by the fake data breach in just a few days with more than 200 views. Over the course of less than two weeks, the video was viewed 1,081 times in 22 countries across five continents.
There are two groups of visitors to the website based on their frequency of viewing. One cybercrime syndicate is based in Nigeria, and the other is based out of Russia.
There are many online marketplaces, including those that operate above-board, that are as organized as the dark web. They are also carefully commoditized by faceless criminals.
Selling and trading information is a highly professional activity. To profit from a data breach, dark web customers require reliable transactions. Certain brokers even promise buyers satisfaction. The data dealers may offer to send another set of card data free of charge if the buyer of stolen credit card data is unable to make a purchase.
Data breach information will be gathered from a variety of sources by sophisticated cyber-criminal sellers. A provider may send them an email while another may send them credit card information. Another separate cyber-criminal vendor can provide information such as date of birth, social security number, and address. As a final step in synthetic identity theft, cyber-attackers can generate profiles about people from stolen medical data.
Motives Behind Threat Actors Dictates Where Data Ends Up
Financially motivated data breaches are more common than espionage breaches according to Verizon Data Breach Investigation Reports. Hacker threat actors typically demand a ransom for the data or sell it on the dark web to make money.
What Happens to Stolen Documents?
When there is a data breach, documents that are mostly hard-drive images converted into common compressed file formats that could be downloaded from file-sharing sites. The data can be packaged as spreadsheets or was run through memory-intensive searches that are very difficult to comprehend.
Corporations or any other organization who experiences a data breach like this have learned a very hard lesson. Your data may still end up on the internet even if you pay the ransom.
What Should You Do About Ransomware?
When there is a data breach and you consider the cyber-attacker’s perspective, collecting ransoms and selling the data is the most profitable scheme. Data exfiltration after paying a ransom has become more frequent in recent years. Legal police authorities, government agencies, and large corporations like IBM advise against paying ransomware ransoms as there is no guarantee that the cyber criminals will provide the decryption code.
If you pay the ransom and receive the decryption key, you will have to decrypt the files manually. Each needs to be decrypted separately, which can be time-consuming and difficult. Although decryption keys are available, recovery efforts may be just as complex and challenging as reimaging machines. The cost of paying the ransom may end up being as high as not paying it at all.