“By the time you hear about a data breach, it’s way too late to put measures in place to lock thieves out from using that data.”
“If you post it, they will use it,” concluded a Federal Trade Commission presentation on a new agency study. And quickly. When leaked consumer data like credit card numbers or email login details are made public, it’s a matter of minutes (and at best, hours) before thieves make an unauthorized access attempt, it found.
“There’s a real mystery of what happens to consumer data when it becomes public,” said study co-author Dan Salsburg, chief counsel and acting chief of the FTC’s Office of Technology Research and Investigation.
To see what happens to leaked data, researchers crafted a batch of 100 consumer profiles, each including a made-up name, an address from a national database, a phone number and email set up for the purpose of the study, and one payment mechanism also set up for the study — either an online payment account, a bitcoin wallet or a credit card. Each customer profile also included a password, although the researchers didn’t specify what the password was for.
“Our goal was to make this customer database look as realistic as possible,” Salsburg said — as if it could have been stolen from a small business.