The 411 on the Breach Timeline

Stay Aware Stay Safe March 24, 2022
Hacker concept. Thiefs attack computer, steal personal data


The 411 on the Breach Timeline

Breaches and cyber attacks are happening constantly. We are all vulnerable as we navigate the internet, for work or personal use. If you’ve experienced a breached password OR just found out about compromised credentials from 2 years ago, what do you need to worry about? Let’s learn the breach timeline!

Even that password, compromised so long ago you don’t even remember creating the account, can be incredibly valuable for a fraudster. This occurs because most folks have a high password reuse rate. It’s very common for people to have 3-5 passwords that they rotate through and reuse. If a fraudster gets access to any of those passwords, they can get into any of your accounts currently using that password. 

Once they’ve gained access to your Netflix, Facebook, or PayPal account, your information is a data buffet for them. Since these breaches are happening every day, it can be helpful to see how your information goes through the breach timeline. 

The Breach Timeline is simple and the best way to fight against it is to regularly change and stop the reuse of passwords.

Step 1

Stolen data is shared with the fraudster’s trusted associates. Depending on the size of the breach, it can take a lot of time and people to organize and decode the data. At this point in the process, the company that has been breached may not even know. Any identity management service (including InstantAlly), won’t necessarily be able to notify you of the breach. If a breach happens today, and you’re hearing about it on the news, you should take proactive steps even before InstantAlly notifies you. This is why it’s critical to start using unique passwords and antivirus software TODAY. 

Step 2

The group tries to identify high-value targets in the data to attack. This is when targeted attacks occur, including multi-factor authentication bypass attacks and ransomware attacks. The best way to protect yourself is to regularly change your passwords and check for password reuse (a password manager can help with this). At InstantAlly, we partner with leading cybersecurity experts in an effort to notify you at this stage whenever possible, when other services may not be able to.

Step 3

Fraudsters sell the stolen data to other fraudsters on the dark web. This can take up to 24 months. Your data is considered active and valuable on the dark web for a long time. During this time it is collected and redistributed through many channels that may or may not result in automated attacks, such as credential stuffing. This is when you may see attempted log-ins to accounts that you rarely use or have forgotten about. It is critical to stop the reuse of exposed passwords or variations of them.

It can be overwhelming to wrap your head around the different ways you’re vulnerable after a data breach. Remember: your compromised credentials are valuable, even if the breach occurred years ago. InstantAlly, a password manager, and antivirus software can help you protect your data throughout the different stages of the breach timeline.