9 Minutes To Use Your Stolen Credentials?

As part of a recent study, the Federal Trade Commission (FTC) created a fake customer database of approximately 100 individuals and leaked it on a website frequented by identity thieves.  The data included consumer names, addresses, phone numbers, email addresses, passwords, and payment information (such as a credit card or online account).  None of these individuals were real people, but the credentials were designed to appear legitimate. 

How long did it take before identity thieves tried to use the data?  Only 9 minutes!  Identity thieves tried to log into the 100 fake customers’ email and payment accounts more than 1200 times and attempted almost $13,000 in unauthorized charges.


Moral of the study: If they post it, they will use it.  By the time you hear about a data breach, it may be too late to protect yourself.  So how can consumers help to protect themselves from this type of fraudulent activity? 

Before you hear about a breach:

  • Use unique and complex passwords for all online accounts
  • Use two factor authentication on your email, financial accounts, social media, and other sensitive accounts
  • Set up email or text message alerts to notify you credit card and bank withdrawal activity
  • Carefully monitor credit card and bank transaction activity online
  • Avoid the use of debit cards
  • Install and update anti-malware software on your computers and mobile devices

If you do learn about a breach, consult our Consumer Guide What to Do When You Receive a Data Breach Notice.  Also check out the infographic What To Do After A Data Breach.